Talk:Internet privacy

Some old comments mixed with one newer comment that weren't in a section
This article includes some good information. Perhaps if the ideas are combined with the digital trail article, we can have a really strong article.

This page contains a bunch of stupid stuff and just plain nonsense. Cleanup? 24.5.54.218 07:27, 20 Dec 2004 (UTC)
 * Yes, needs cleanup. Did you forget to loigin? -- Chris 73 Talk 07:28, Dec 20, 2004 (UTC)


 * Yeah. There's the bit about logging temperature and vibration, and I can't figure out what "a young woman in New York City was on a first date with an online acquaintance and later sued for sexual harassment as they went back to her apartment after when everything became too real" means. This important article lacks coherence and flow. I'd suggest seperating into provided information (eg. facebook) and collected information (eg. malware, logs, etc)68.149.1.64 (talk) 05:45, 15 February 2012 (UTC)

It does need a lot of clean up still, Steve Rambam's opinion hardly seems significant enough to be front and center on an encyclopedic entry. He was arrested by the FBI in 2006 for "witness tampering and obstruction of justice in an ongoing government case against a former Brooklyn assistant district attorney who was indicted for money-laundering." From Brian Krebs' time at the Washington Post. http://voices.washingtonpost.com/securityfix/2006/07/fbi_arrest_private_eye_speaker.html Bluemoonsoon (talk) 16:25, 31 October 2015 (UTC)

I would like to suggest that the pronoun "you" should not be used in this (or any) Wikipedia article. One-dimensional Tangent (Talk) 03:47, 26 August 2005 (UTC)

Editing one section
Under the heading of "Teachers and Myspace", there is a coherence problem in the second paragraph (about Stacy Snyder). The funny inference from this paragraph is that due to her picture on Mysapce, she was given an English degree. (as a conciliatory prize)
 * "The Chronicle of Higher Education wrote an article on April 27, 2007 entitled "A MySpace Photo Costs a Student a Teaching Certificate" about      Stacy Snyder[15]. She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an unprofessional photo posted on MySpace, which involved her drinking with a pirates’ hat on and a caption of “Drunken Pirate". Due to this, she was given an English degree."

Without knowing the case any more than the article, I suggest someone with more knowledge rectify this situation. I would separate the fact the MySpace experience from the information about her receiving an English degree. I suggest rewriting the last sentence, to "Because of the community's reaction to her MySpace picture she was not granted her teaching degree." Scrap the whole idea of her English degree. Writerz (talk) 01:29, 14 September 2008 (UTC)

I love bellies J.kitsonmoore (talk) 16:32, 6 October 2020 (UTC)

Noted cases?
Why is it necessary to highlight these two particular "Noted cases" (AOL data & Craigslist thing). Seems there have been many internet privacy cases over the decades, and these just happen to be recent ones. (I hate presentist biases). --ZimZalaBim (talk) 20:20, 12 September 2006 (UTC)

Fortuny prank
I've trimmed the section on Jason Fortuny's Craigslist prank; it's still a bit too long, I think, but I think getting it any shorter would require an actual rewrite of the section.

I know that Fortuny referred to the prank as an 'experiment', but I don't think the article itself should follow suit, at least not without sarcasm quotes, as there was nothing in Fortuny's methods that resembled an experiment in the scientific sense. So I've changed one 'experiment' to 'prank'. -- Vary | Talk 15:47, 24 November 2006 (UTC)

as of oct 2007 the article needs wikified. it seems to be done now, maybe that needs to be taken off? Badmachine (talk) 04:27, 5 April 2008 (UTC)

Help reverting vandalism -- impossible!
The spam filter is currently stopping me from reverting the vandalism on this page because there is a link already existing on the page which now is on a spam blacklist meaning I can't save the reverted page. Angus Lepper(T, C, D) 22:12, 22 May 2007 (UTC)
 * I settled for simply removing the citation causing the problem. Replace the '0' in the URL with an 'o'.

social networks and privacy
I added a fact tag to the assertion that social networking websites provide 'adequate' privacy measures. I don't necessarily disagree, and often counsel friends who hype the perceived privacy problems of sites like myspace and facebook that such pages cannot reveal information that they as users do not provide, but nevertheless, I think that it is clear that such a comment fails to satisfy NPOV. Who says that the privacy measures of Facebook (for example) are 'adequate'? additionally, I was encountering difficulty with the spam filter on this page because of the inclusion of one of the links in the 'broken links' section above. I reformatted the spelling of the website so that this edit would go through. Cuffeparade 16:35, 25 October 2007 (UTC)

Degrees of severity and risk
I found that in terms of expressing the concept of internet privacy, there was a lot of straightforward statements about the "strength" of some forms of privacy as well as "legitimate" uses of information. I feel it's difficult to nail down in a fashion that is agreeable by everyone as to what is a valid use of people's information and what isn't. I tried to clean up some of the more blatant issues I felt were there, but I do still feel there is a leaning in this article. Roadm (talk) 03:36, 10 February 2008 (UTC)

Possible Fortuny Prank Justification: Exposure of Malfeasance?
Although some online exposures of personal information have been seen as justified as exposing malfeasance, many commentators on the Fortuny case saw no such justification here.

What's malfeasance got to do with semi-random private citizens? This sentence seems irrelevant as phrased currently.

If you want to talk about justification for exposing misbehavior of some kind, that idea is remotely plausible.

—63.249.110.32 (talk) 01:44, 17 May 2008 (UTC)

There is a world outside the US
This article is too US specific. It gives place names without indicating what country they are in. 78.149.219.203 (talk) 11:35, 18 August 2008 (UTC)

How about the privacy of IP packets?
I had a friend check for domain names, and somehow someone grabbed it after several days. This has also happened to me once. How does the law approach this issue? Obviously someone sniffed our IP packets and recovered the domain name we were checking. Who's liable for this? --Nathanael Bar-Aur L. (talk) 22:21, 3 December 2008 (UTC)

There are plenty of ways to do that without direct sniffing of your packets; and those methods are far more likely, and irrelevant here. King Spook 02:49, 5 December 2008 (UTC) —Preceding unsigned comment added by Kngspook (talk • contribs)

Remove Case Studies?
I'm not convinced that the case studies make a valuable addition to this article. Several commenters above have questioned the neutrality of this article in various ways. These examples are interesting, but seem rather arbitrary and not particularly illustrative of the breadth of the internet privacy topic. So far the examples consist of a case study which has its own entry (Jason Fortuny), an incomplete history of the use of search engine data by law enforcement, and two cherry-picked court cases. I recommend removing this content, though perhaps linking to the Fortuny article. Since this is a large change, I thought I would post here first to see what people think. Judd (talk) 16:55, 5 December 2008 (UTC)
 * I agree. The article's becoming a coatrack for detailed discussions of cases that don't merit their own articles.  Anything in the Fortuny's section that isn't already covered in his article should be moved there, but the rest can go, imo. -- Vary  Talk 23:23, 24 January 2009 (UTC)
 * I also agree. Unless a specific case sets a precedent that informs the nature and scope of Internet privacy, I don't believe case studies lend much. I do think that specific ways in which laws, etc. contour online privacy, and a recounting of the laws responsible, add another, needed dimension to the article. To this end I added the "Legal Threats" section, and two such legally sanctioned mens in which online privacy (for better or worse) is curtailed by the state. I view this information as similar, but distinct and more useful than a potentially endless enumeration of case studies. I would love others thoughts on this angle.

--SoulSyndicate (talk) 00:49, 9 February 2009 (UTC)
 * Agreed. That material is better organized by moving it to a "list of" type article or just using a category or links to any notable incident.  The article needs improvement and clean-up in other ways but narrowing the focus is a good start.Wikidemon (talk) 23:21, 21 February 2009 (UTC)

-- I have to disagree. I think that these case studies give the casual wikipedia reader great insight into specific instances where internet search engines have been used by law enforcement agencies. i suspect many people would be interested to know this and the citation provided to the Global Privacy Journal Article would be a great starting point for them to find out more. There simply isn't enough room in this article to have a comprehensive discussion of the need for a "compelte history of the use of search engine data by law enforcement." While that would be great, i think this article does enough to provide a overview of the issues. —Preceding unsigned comment added by 64.32.145.74 (talk) 19:17, 25 October 2009 (UTC)

MySpace? Seriously????
"She was a student of Millersville University of Pennsylvania who was denied her teaching degree because of an unprofessional photo posted on MySpace, which involved her drinking with a pirates’ hat on and a caption of “Drunken Pirate". As a substitute, she was given an English degree."

I simply cannot get over the fact that people are being treated unfairly in their PROFESSIONAL lives, simply because they have a PERSONAL social networking profile, and are judged by it, ie - what it looks like, what pictures, music, etc, are on it. WHY are professional employers and schools even going on these sites searching for people anyways? I've heard about a clinic denying a patient because of what her Facebook page has on it. Are you FREAKING KIDDING ME??!!!? [Enter profanity here] those people who judge others like this and deny them professional equality. Seriously. Viperpulse (talk) 02:00, 21 January 2010 (UTC)

For example, I think that in the context of an job interview it is very important to do your best to please the recruiters but finally it turns out, after a while, you don't suit the recruiters moreover it is very difficult for them to figure out you really are for two hours specially because you are hiding yourself. Recruiters would be interested in those social medias only for minimizing the risk of hiring a non-interesting workers or also for choosing the best profile between two applicants. Nevertherless it is not always necessarily in a descriminative way, they would rather hire someone that they can trust.

Here an article from Forbes magazin that depicts widely my point of view.

Proposed move
Not filing this as a WP:RM just yet, since what to rename it is an open question. This article should obviously be at either online privacy or electronic privacy. The name Internet privacy is too narrow. Just for starters, the most crucial legal case in the field had nothing to do with the Internet at all, but rather BBSes (namely Steve Jackson Games v. U.S. Secret Service). Very little (other than technical details) can be said about Internet privacy in particular that does not also apply to all other electronic networking technologies, past, present and almost certainly future. — SMcCandlish  Talk⇒ ʕ(Õلō)ˀ  Contribs. 06:08, 28 February 2011 (UTC)

Browser Fingerprinting
Browser and device(as in computer, smart phone, etc.) fingerprinting should be added and have a substantial discussion because this is the latest method of tracking. Editors should look at websites like Panopticlick, BrowserSpy, and http://ip-check.info/ (Anonymity Test). Apparently there's a lot of money to be made in user-specific(?) or targeted advertising on the internet, which seems to be what's driving this invasion of privacy. 107.36.164.74 (talk) 18:03, 28 December 2011 (UTC)

WSJ resource

 * EU Unveils Web-Privacy Rules; Proposed Changes Aim to Cut Red Tape, but Some Tech Firms Fear Added Burdens. January 26, 2012 page B9.  "Companies could be fined up to 2% of global annual turnover if they breach new data protection rules proposed Wednesday by the European Commission that aim to simplify the laws and reduce red tape.  The changes, the first overhaul to the data protection rules since 1995, when the Internet was used by just 1% of Europeans, would also mean that European Union rules would apply if data are handled abroad by companies that offer their services to EU citizens, such as Google Inc., Apple Inc., Microsoft Corp. and Facebook."

22:39, 27 January 2012 (UTC) — Preceding unsigned comment added by 97.87.29.188 (talk)

Review
This article is very turstworthy, quite biased, very complete, very well-written,and quite accurate. This is very well written and provides a broad variety of information related to internet security. Agampa (talk) 16:20, 5 February 2012 (UTC)agampa


 * Very optimistic view. The article is full if irrelevant details and most important issues are completely missing or buried deeply and very hard to find such as:
 * facebook bugs, paypal bugs
 * browser fingerprinting


 * Richiez (talk) 14:17, 7 February 2012 (UTC)

Doesn't read like an encyclopedic article
The article doesn't read like it's in an encyclopedia. It reads more like an essay on the topic. It goes into too many specifics, and I feel that it isn't encyclopedic overall.

Inglonias (talk) 19:44, 16 February 2012 (UTC)

I've read the section about Sweden under "Laws and regulation" and it feels weird. And what's the matter with the picture of the US politician? As if the picture is there for all to see and know the man who did something. Feels unencyclopedic for me. 85.64.39.12 (talk) 07:21, 24 April 2021 (UTC)

overview references
Lots to clean up here... but the references need a lot of work in particular. Better overview references would be super. -- phoebe / (talk to me) 22:56, 22 May 2012 (UTC)

NO PROTECTION AGAINST POLICE ! Or, 99999999 Cop's no job's.
Monitoring all connections to the Internet was here in Brussels, angekundigt publicly in newspapers (eg ). Helps a user identify speziäle policing program. This means - Get internet from any activities in Belgium out without the Belgian police for a Kentnis. Publication, Veröfentlichengen, discussion, chat, forum's, blog's, preparation, organization and Koordiniation a terrorist attack, etc., transactions over the Internet - Internet - such as banking, including credit card information. The question - Young Gay `s (obgemagerte Cruchon's) erlädigen this difficult job for Belgian police are subject to a secrecy about what they do or can they also Dinst auserkundschaft pralen free to express his opinion and so on? If the police or simply  mùit best connections to Islamist circles? A placement of a child porn Web Since Ciber or - send viruses via a Belgian provider, incognito and invisible to the police Belgique even impossible, right?  -- Drink only Uissky. — Preceding unsigned comment added by 194.78.58.10 (talk) 10:58, 15 June 2012 (UTC)

Page ratings
The ratings for this article aren't particularly good. 42 to 47 people have rated the page and the ratings on a scale from 1 (poor) to 5 (good) are: 2.3 Trustworthy (47), 2.0 Objective (42), 2.0 Complete (44), and 2.0 Well-written (47). What needs to be done to make the article better? --Jeff Ogden (W163) (talk) 02:31, 6 July 2012 (UTC)
 * It seems far too long, rambling (unfocused), non-neutral, and disorganized to me. LittleBen (talk) 02:21, 20 September 2012 (UTC)

State Laws Related to Internet Privacy
One link that could be included in this article is National Conference of State LegislaturesThis website could help in supporting information in regards to cases that refer to privacy laws. Many people may not know exactly what their state's laws maybe in regards to internet privacy and this site definitely helps in clearing up information. I feel that cases should be decided off of the laws that have been set instone but the laws can be bended to intiate rightful Justice. -Jmckella16 (talk) 01:37, 18 September 2012 (UTC)


 * ✅. I added this. --Jeff Ogden (W163) (talk) 02:58, 18 September 2012 (UTC)

HTML 5
The HTML 5 section of the main article seems a bit overbearing and convoluted. There is only one reference for the whole section. It also seems slightly biased, as if trying to convey that HTML 5 as a whole is a negative thing. The second paragraph is written in a confusing manner and does not add much to the article.

Stepping back from the section itself - are cookies the only possible exploit on HTML 5? I don't know the answer myself, but surely there is more information on what things, good or back, HTML 5 brings to the table in regards to Internet privacy. Chriisss (talk) 03:34, 18 September 2012 (UTC)


 * This Internet privacy article and the Internet security article are interrelated in that security defects in browsers and browser plugins can affect privacy as well as security. LittleBen (talk) 02:15, 20 September 2012 (UTC)


 * I agree with Chriisss - the HTML5 section is strange & one-sided. The WHATWG HTML section on privacy & user tracking should be cited. The basic point—that storage mechanisms have multiplied, so merely wiping cookies is no longer enough—should be mentioned. I can't confirm the "HTML 5 can store information from at least 10 different sites from your computer, much more than the ordinary cookie" which sounds simply untrue. Each domain can store precisely 1 cookie upon your computer & you can have an essentially unlimited number of domains employing cookies.
 * I'm going to make edits reflecting the above. I also think "code" isn't the right term, HTML5 is a web standard not a code. I'm not sure what privacy enhancements there are in HTML5 but I can research it a bit.
 * I don't understand how LittleBen's comment relates to the HTML5 section. Phette23 (talk) 18:04, 11 December 2012 (UTC)

Create a us-specific article?
Feel free to create an article for us-specific cases or put in article "internet privacy in the us"

This article is also still way too long Article size

Start of content saved from main article

Laws and regulations
The concept of “online privacy” is very broad and tends to cover other aspects of telecommunications and technology. The privacy concerns relate to both the misuse of certain information or the disclosure of this to others. Over the last thirty years, consumer privacy is a public issue that has received substantial attention. These rights protect individuals against the obligations by government. The growth of the Internet in general has produced new concerns about protecting the rights of consumers online. The Privacy Act prohibits the disclosure of personal information, no matter how this information is gathered. The consumers’ control and knowledge applied to on the internet come under two categories- purchasing and surfing. The legal protection law for individual privacy in the United States has been passed fairly recently, and limits the protection of data. Data collection methods have raised concerns about consumer privacy. The FTC, in their efforts to ensure success, has developed principles that would protect consumers and the information they choose to display.

USA Patriot Act
The USA Patriot Act, signed into law on October 26, 2001 by former President Bush, is legislation to enhance law enforcement investigatory tools, investigate online activity, as well as to discourage terrorist acts both within the United States and around the world. This act reduced restrictions for law enforcement to search various methods and tools of communication such as telephone, e-mail, personal records including medical and financial, as well as reducing restrictions with obtaining of foreign intelligence. Many of these expanded powers and lowered standards are not limited to terrorist investigations.

The USA PATRIOT Act, professionally known as the “Uniting and Strengthening America by Providing Appropriate Tools Require to Intercept and Obstruct Terrorism Act” was put in to effect in reaction to the 9/11 Terrorist attacks. President Bush wanted to prevent terrorism in the United States and he believed that by keeping an eye on communication around the country, terrorism could be diminished. Although many people supported this law because of the September 11 attacks and the desire to keep America safe, many believe that this act interferes with civil liberties. The USA PATRIOT Act has been described as “unjustified infringement of privacy, association, and due process rights.” After the act passed, federal law enforcement now has access to additional wiretapping and surveillance.

Electronic Communications Privacy Act (ECPA)
The Electronic Communications Privacy Act, enacted in 1986, is known as a “victory for privacy.” This act lays the boundaries for law enforcement having access to person electronic communication and stored electronic records. This includes email, pictures, date books, etc. With the enormous growth in the use of computers, many people store numerous items on servers that can ultimately be visible to many people. The ECPA protects this information from being accessed by law enforcement. There are five parts to the Act. Part I discusses the origin of the ECPA, Part II the law enforcement and the access provisions made involving electronic communication. Part II explains why this Act is needed due to the increase of personal internet use by individuals. Part IV observes the “business records cases” and pinpoints three principles. Lastly, Part V discusses ECPA’s reliance on the “business records cases” and the points against Part IV of the act.

This act makes it unlawful under certain conditions for an individual to reveal the information of electronic communication and contains a few exceptions. One clause allows the ISP to view private e-mail if the sender is suspected of attempting to damage the internet system or attempting to harm another user. Another clause allows the ISP to reveal information from a message if the sender or recipient allows to its disclosure. Finally, information containing personal information may also be revealed for a court order or law enforcement’s subpoena.

Employees and employers Internet regulations
When considering the rights between employees and employers regarding internet privacy and protection at a company, different states have their own laws. Connecticut and Delaware both have laws that state an employer must create a written notice or electronic message that provides understanding that they will regulate the internet traffic. By doing so, this relates to the employees that the employer will be searching and monitoring emails and internet usage. Delaware charges $100 for a violation where Connecticut charges $500 for the first violation and then $1000 for the second. When looking at public employees and employers, California and Colorado created laws that would also create legal ways in which employers controlled internet usage. The law stated that a public company or agency must create a prior message to the employees stating that accounts will be monitored. Without these laws, employers could access information through employees accounts and use them illegally. In most cases, the employer is allowed to see whatever he or she pleases because of these laws stated both publicly and privately.

Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act (GLB) was signed into law by U.S. President Bill Clinton and repealed part of the Glass-Stegall Act of 1933. The purpose of the legislation was to allow institutions to participate more broadly across investment banking, insurance, and commercial banking. The GLB also includes several provisions that aim to protect consumer data privacy. The Safeguards Rule, which implements the security requirements of the GLB Act, requires financial institutions to have reasonable policies and procedures to ensure the security and confidentiality of customer information.

The Children's Online Privacy Protection Act (COPPA)
The Children's Online Privacy Protection Act prohibits website operators from knowingly collecting personally identifiable information from children under 13 years old without parental consent. It requires site operators to collect only personal information that is “reasonably necessary” for an online activity. This law was put into action as an act in 1998 and took effect in 2000. Personal information that is not allowed to be obtained from children includes their full name, home or e-mail address, telephone number or social security number. This law was enacted in order to give parental control over the information collected from their children online and to know how that information is used or shared. In order to enforce this law, the FTC actively monitors websites. The FTC recommends that websites screen users if they collect personal information or if children under 13 could potentially be using the website.

Privacy Bill of Rights
On February 22, 2012 the Obama administration signed an agreement to put some new rules in place to regulate the information that can be taken from people on the Internet. Previously, companies have not been under any federal restrictions and have been basically in charge of themselves. Due to the recent uprisings about how companies, such as Facebook and Google, are using people’s information, the Obama administration felt it necessary to act. These new regulations will be a “privacy bill of rights.” And as a result, companies will have to change their privacy policies to ensure that personal information will only be used for things specifically permitted by the person giving it.

The National Telecommunications and Information Administration in collaboration with certain privacy activist groups will be working to develop “codes of conduct” for companies who collect personal information. However, some people fear the that the Federal Trade Commission will not be able to enforce these “codes of conduct” due to the fact that Congress has not passed these privacy regulations to law as of yet. It does appear that companies are willing to work with the government in order to calm the uproar with online privacy currently.

It was a document that the Obama Administration created to suggest how companies should protect consumer online information. Seven different rights that are outlined in this document. The first "right" is Individual control. Companies must provide clear and easy to understand policies on how they are going to use the consumer's data. The second "right" is transparency. Companies should outline clearly why they want to collect consumer's data. The third "right" is Respect for context. It means that the firm cannot decide it wants to use data for another purpose. The fourth "right" is Security. Consumers expect that firms provide adequate protection of their data. The fifth "right" is Access and Accuracy. The consumer should able to access their personal data to make edits. The sixth "right" is Focused collection. Companies should only collect the data that they need. The last "right" is Accountability. Companies should be held accountable for lost data. This document has not become a law yet.

U.S. state laws
In response to rising concerns among Americans regarding privacy on the Internet, states have passed numerous laws that require companies to be somewhat open to showing the users or customers the information they are collecting. The National Conference of State Legislatures maintains a web page that lists selected state laws related to Internet privacy.

These laws cover:


 * Electronic surveillance
 * Employee E-mail communications and Internet access
 * Phishing
 * Privacy of certain online activities
 * Privacy of personal information held by ISPs
 * Privacy policies for web sites
 * Privacy policies for government web sites
 * Security breaches
 * Spam
 * Spyware

Libraries and books

 * California Government Code § 6267: Protects an individual’s privacy when using online library resources, such as writing email or text messages, online chat or reading e-books.
 * California Civil Code § 1798.90: The California Reader Privacy Act protects information about the books Californians browse, read or purchase from electronic services and online booksellers, who may have access to detailed information about readers, such as specific pages browsed.

Privacy of personal information held by ISPs
Two states, Nevada and Minnesota, require Internet Service Providers to keep private certain information concerning their customers, unless the customer gives permission to disclose the information. Both states prohibit disclosure of personally identifying information, but Minnesota also requires ISPs to get permission from subscribers before disclosing information about the subscribers' online surfing habits and Internet sites visited. In addition, California and Utah laws, although not specifically targeted to on-line businesses, require all nonfinancial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation. Under the California law, businesses may post a privacy statement that gives customers the opportunity to choose not to share information at no cost.
 * Minnesota Statutes §§ 325M.01 to .09
 * Nevada Revised Statutes § 205.498
 * California Civil Code §§ 1798.83 to .84
 * Utah Code §§ 13-37-101, −102, −201, −202, −203

Employee e-mail communications and Internet access
Two states, Connecticut and Delaware, require employers to give notice to employees prior to monitoring e-mail communications or Internet access. Colorado and Tennessee require states and other public entities to adopt a policy related to monitoring of public employees' e-mail.

Public employers
In addition, Colorado and Tennessee require certain public entities to adopt a written policy on monitoring of email:


 * Colorado Rev. Stat. § 24-72-204.5

Privacy policies for web sites
California (Calif. Bus. & Prof. Code §§ 22575-22578): California's Online Privacy Protection Act requires an operator, defined as a person or entity that collects personally identifiable information from California residents through an Internet web site or online service for commercial purposes, to post a conspicuous privacy policy on its web site or online service and to comply with that policy. The bill, among other things, would require that the privacy policy identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its web site or online service and third parties with whom the operator may share the information.

Connecticut (Conn. Gen Stat. § 42-471): Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be "publicly displayed" by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.

Nebraska (Nebraska Stat. § 87–302(14)): Nebraska prohibits knowingly making a false or misleading statement in a privacy policy, published on the Internet or otherwise distributed or published, regarding the use of personal information submitted by members of the public.

Pennsylvania (18 Pa. C.S.A. § 4107(a)(10)): Pennsylvania includes false and misleading statements in privacy policies published on web sites or otherwise distributed in its deceptive or fraudulent business practices statute.

Privacy policies: Government web sites
At least sixteen states require, by statute, government web sites or state portals to establish privacy policies and procedures, or to incorporate machine-readable privacy policies into their web sites.

State         Statute Arizona       Ariz. Rev. Stat. Ann. § 41-4151, 41–4152   Arkansas       Ark. Code § 25-1-114 California    Cal. Government Code § 11019.9 Colorado      Colo. Rev. Stat. § 24-72-501, 24-72-502   Delaware       Del. Code tit. 29 § 9017C et seq. Iowa          Iowa Code § 22.11 Illinois      Ill. Rev. Stat. ch. 5 § 177/15   Maine          Me. Rev. Stat. tit. 1 § 14-A § 541- 542 Maryland      Md. State Government Code § 10-624 (4) Michigan      2003 Mich Pub. Acts, Act 161 (sec. 572 (7)) Minnesota     Minn. Stat. § 13.15   Montana        Mont. Code Ann. § 2-17-550 to – 553 New York      N.Y. State Tech. Law § 201 to 207 South Carolina S.C. Code Ann. § 30-2-40   Texas          Tex. Government Code Ann. § 10-2054.126   Utah           Utah Code Ann. § 63D-2-101, −102, −103, −104 Virginia      Va. Code § 2.2-3800, – 3801, −3802, −3803

Jason Fortuny and Craigslist
In early September 2006, Jason Fortuny, a Seattle-area freelance graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with men in that area. On September 4, he posted to the wiki website Encyclopædia Dramatica all 178 of the responses, complete with photographs and personal contact details, describing this as the Craigslist Experiment and encouraging others to further identify the respondents.

Although some online exposures of personal information have been seen as justified for exposing malfeasance, many commentators on the Fortuny case saw no such justification here. "The men who replied to Fortuny's posting did not appear to be doing anything illegal, so the outing has no social value other than to prove that someone could ruin lives online," said law professor Jonathan Zittrain, while Wired writer Ryan Singel described Fortuny as "sociopathic".

The Electronic Frontier Foundation indicated that it thought Fortuny might be liable under Washington state law, and that this would depend on whether the information he disclosed was of legitimate public concern. Kurt Opsahl, the EFF's staff attorney, said "As far as I know, they (the respondents) are not public figures, so it would be challenging to show that this was something of public concern."

According to Fortuny, two people lost their jobs as a result of his Craigslist Experiment and another "has filed an invasion-of-privacy lawsuit against Fortuny in an Illinois court."

Fortuny did not enter an appearance in the Illinois suit, secure counsel, or answer the complaint after an early amendment. Mr. Fortuny had filed a motion to dismiss, but he filed it with the Circuit Court of Cook County, Illinois, and he did not file proof that he had served the plaintiff. As a result, the court entered a default judgment against Mr. Fortuny and ordered a damages hearing for January 7, 2009. After failing to show up at multiple hearings on damages, Fortuny was ordered to pay $74,252.56 for violation of the Copyright Act, compensation for Public Disclosure of Private Facts, Intrusion Upon Seclusion, attorneys fees and costs.

USA vs. Warshak
The case United States v. Warshak, decided December 14, 2010 by the Sixth Circuit Court of Appeals, maintained the idea that an ISP actually is allowed access to private e-mail. However, the government must get hold of a search warrant before obtaining such e-mail. This case dealt with the question of emails hosted on an isolated server. Due to the fact that e-mail is similar to other forms of communication such as telephone calls, e-mail requires the same amount of protection under the 4th amendment.

In 2001, Steven Warshak owned and operated a number of small businesses in the Cincinnati area. One of his businesses was TCI Media, Inc, which sold media advertisements in sporting venues. Warshak also owned a dozen other companies that sold herbal supplements. Although all of his companies sold various different products, they were all run as a single business, and were later merged to form Berkeley Premium Nutraceuticals, Inc. Berkeley took orders over the phone, mail and Internet orders. Customers could only purchase products with credit cards which would later be entered into a database along with all of their other information. During sales calls, representatives would read from a script. Shelley Kinmon (an employee) testified that Warshak had the final word on the content of the scripts. The scripts would include a description of the product, as well as persuasive language to get customers to make additional purchases. Enzyte’s popularity was due to Berkeley’s aggressive advertising campaigns. 98% of their advertising was conducted through television sports. Around 2004, network television was covered with Enzyte advertisements featuring a character called “Smilin’ Bob,” whose trademark exaggerated smile was an asset to the result of Enzyte’s success. Warshak used false advertisement within the media. He claimed that there was a 96% customer satisfaction rating, when in reality it was nowhere near those numbers. Many print and television ad’s bragged that Enzyte had been created by reputable doctors with Ivy League educations. According to the ads, “Enzyte was developed by Dr. Fredrick Thomkins, a physician with a biology degree from Stanford and Dr. Michael Moore, a leading urologist from Harvard.” The ads also stated that the doctors had been working on developing such a supplement to “stretch and elongate” for over 13 years. In reality, the doctors were made up characters who didn’t exist nor attended university at Harvard or Stanford.

EPIC vs. FTC
In February 2009, Google attempted to create an application called "Buzz." It was attached to Gmail, and allowed for social networking among other users. EPIC (Electronic Privacy Information Center) in turn filed a claim stating "that Google engaged in unfair and deceptive trade practices by transforming its email service into a social networking service without offering users meaningful control over their information or opt-in consent." The FTC established new privacy safeguards for users of Google products in October 2011.

The safeguard issued prohibits Google from misrepresenting their privacy practices. It also requires Google to obtain consent from their users before disclosing any information, and lastly, it also requires Google to follow a comprehensive privacy program. Because of this case, Google now consolidates all of its data files about users into one merged file from each Google service, instead of keeping separate files for each Google service used by each user. This change became effective in March 2012.

Search engine data and law enforcement
Data from major Internet companies, including Yahoo! and MSN (Microsoft), have already been subpoenaed by the US government and China. AOL even provided a chunk of its own search data online, allowing reporters to track the online behaviour of private individuals.

In 2006, a wireless hacker pled guilty when his Google searches were used as evidence against him. The defendant ran a Google search over the network using the following search terms: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." While court papers did not describe how the FBI obtained his searches (e.g. through a seized hard-drive or directly from the search-engine), Google has indicated that it can provide search terms to law enforcement if given an Internet address or Web cookie.

US v. Ziegler
In the United States many cases discuss whether a private employee (i.e., not a government employee) who stores incriminating evidence in workplace computers is protected by the Fourth Amendment's reasonable expectation of privacy standard in a criminal proceeding.

Most case law holds that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communications. See, e.g. US v. Simons, 206 F.3d 392, 398 (4th Cir., Feb. 28, 2000).

However, one federal court held that employees can assert that the attorney-client privilege with respect to certain communications on company laptops. See Curto v. Medical World Comm., No. 03CV6327, 2006 U.S. Dist. LEXIS 29387 (E.D.N.Y. May 15, 2006).

Another recent federal case discussed this topic. On January 30, 2007, the Ninth Circuit court in US v. Ziegler, reversed its earlier August 2006 decision upon a petition for rehearing. In contrast to the earlier decision, the Court acknowledged that an employee has a right to privacy in his workplace computer. However, the Court also found that an employer can consent to any illegal searches and seizures. See US v. Ziegler, ___F.3d 1077 (9th Cir. Jan. 30, 2007, No. 05-30177). [1] Cf. US v. Ziegler, 456 F.3d 1138 (9th Cir. 2006).

In Ziegler, an employee had accessed child pornography websites from his workplace. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights.

The Ninth Circuit allowed the lower court to admit the child pornography as evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer. That Court also found that his employer could consent to a government search of the computer and that, therefore, the search did not violate Ziegler's Fourth Amendment rights.

State v. Reid
The New Jersey Supreme Court has also issued an opinion on the privacy rights of computer users, holding in State v. Reid that computer users have a reasonable expectation of privacy concerning the personal information they give to their ISPs.

In that case, Shirley Reid was indicted for computer theft for changing her employer's password and shipping address on its online account with a supplier. The police discovered her identity after serving the ISP, Comcast, with a municipal subpoena not tied to any judicial proceeding.

The lower court suppressed the information from Comcast that linked Reid with the crime on grounds that the disclosure violated Reid's constitutional right to be protected from unreasonable search and seizure. The appellate court affirmed, as did the New Jersey Supreme Court, which ruled that ISP subscriber records can only be disclosed to law enforcement upon the issuance of a grand jury subpoena. As a result, New Jersey offers greater privacy rights to computer users than most federal courts. This case also serves as an illustration of how case law on privacy regarding workplace computers is still evolving.

Robbins v. Lower Merion School District
In Robbins v. Lower Merion School District (U.S. Eastern District of Pennsylvania 2010), the federal trial court issued an injunction against the school district after plaintiffs charged two suburban Philadelphia high schools violated the privacy of students and others when they secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home. The schools admitted to secretly snapping over 66,000 webshots and screenshots, including webcam shots of students in their bedrooms.

Saved references
End of content saved from main article

Moved material needs review
It seems that User:Waveclaira moved a lot of material to the talk page (see above), without discussion, and has been blocked. Quite a lot of the moved material was US-specific, so it would have been better to move it to a new US-specific page rather than to the talk page. LittleBen (talk) 00:08, 19 October 2012 (UTC)

Rewrite Needed
This article needs a massive rewrite & editing. I started to do a little but gave up b/c I don't have the time. It reads like it was written by someone with an extremely dysfunctional grasp on the English language. Sentences are jumbled, words are missing, clauses conflict & repeat, & much of it reads like a poorly worded scare tract.75.73.11.164 (talk) —Preceding undated comment added 01:17, 15 March 2013 (UTC)


 * I agree that a rewrite is needed. --Jeff Ogden (W163) (talk) 12:52, 17 July 2013 (UTC)

Should the sub-section on "Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.)" be removed?
I just spent some time editing the sub-section on Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.) within the Device fingerprinting section, but am now wondering if the material is really appropriate for this article or if it should be removed as being too specific or as WP:Spam. Here is the current text:


 * Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.)


 * Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.) is device fingerprinting software technology that identifies the device (computer, tablet, smartphone, …) being used to access a website. This information in turn can be used to help differentiate legitimate users from those using false identities or those attempting to work anonymously. A.D.A.P.T. uses only HTTP and JavaScript to identify a device and identifies devices without requesting any personal information entered directly by the user. It makes an accurate “fingerprint” of the device by using many different pieces of information including, operating system, browser, and PC characteristics. A.D.A.P.T. is concealed in that the user of the device has no idea that the device is being “fingerprinted” and there is no actual tagging of the device.

--


 * --Jeff Ogden (W163) (talk) 12:50, 17 July 2013 (UTC)

RfC concerning the Lavabit email service
There is a request for comments (RfC) that may be of interest. The RfC is at

Talk:Lavabit

At issue is whether we should delete or keep the following text in the Lavabit article:


 * Before the Snowden incident, Lavabit had complied with previous search warrants. For example, on June 10, 2013, a search warrant was executed against Lavabit user Joey006@lavabit.com for alleged possession of child pornography.

Your input on this question would be very much welcome. --Guy Macon (talk) 05:05, 29 August 2013 (UTC)

Calling for a more positive editorial "label"
The introduction characterizing this article is exceedingly disparaging. It does give an overview of an important subject and enough links to enable further study.

Yes, it is long, detailed, and does elaborate on US experience. The subject matter is also large, and many key players in both the open and the closed net tracking business are US based, hence labelling it in a way that makes it look tedious and ethnocentric seems unfair.

Conclusion: while encouraging knowledgeable people to contribute with later than 2012 info, structuring the text with "sattelite" themes to make it shorter and other improvements, the introductory "consumer beware" label should be made more supportive.

p. (Paul hofseth (talk) 06:53, 23 November 2013 (UTC))


 * The four cleanup templates at the top of the article had been there for 17 months. That is long enough for improvements to have been made, so I removed them. The templates removed were: "update", "globalize", "overly", and "essay". I left the "Globalize/US|date=September 2012" template that appears at the beginning of the "Levels of privacy" section since it hasn't been there quite as long and isn't as prominent as the other cleanup tags. None of this should prevent editors from making improvements to the article or discussing possible improvements here on the talk page. --Jeff Ogden (W163) (talk) 09:47, 23 November 2013 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Internet privacy. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20131017033653/http://www.ietf.org/id/draft-hallambaker-prismproof-req-00.txt to http://www.ietf.org/id/draft-hallambaker-prismproof-req-00.txt

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 05:04, 12 April 2017 (UTC)

Orphaned references in Internet privacy
I check pages listed in Category:Pages with incorrect ref formatting to try to fix reference errors. One of the things I do is look for content for orphaned references in wikilinked articles. I have found content for some of Internet privacy's orphans, the problem is that I found more than one version. I can't determine which (if any) is correct for this article, so I am asking for a sentient editor to look it over and copy the correct ref content into this article.

Reference named "reg": From Privacy law:  From Bomb-making instructions on the internet: The Register, EC wants to suppress internet bomb-making guides, Julye 4, 2007 

I apologize if any of the above are effectively identical; I am just a simple computer program, so I can't determine whether minor differences are significant or not. AnomieBOT ⚡ 10:48, 11 May 2017 (UTC)

Delete or keep an index to this subject?
This week there's discussion about whether to delete or keep the Index of Articles Relating to Terms of Service and Privacy Policies, which I created in early August. That index helps readers find: Wikipedians are welcome to improve the index, and/or discuss if it should be deleted or kept available. Numbersinstitute (talk) 17:06, 13 September 2017 (UTC)
 * this article
 * articles on different aspects of privacy policies
 * articles which cover privacy at specific companies

External links modified
Hello fellow Wikipedians,

I have just modified 4 external links on Internet privacy. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20111005203739/http://www.atg.wa.gov/InternetSafety/FamiliesAndEducators.aspx to http://www.atg.wa.gov/InternetSafety/FamiliesAndEducators.aspx
 * Added archive https://web.archive.org/web/20101018071436/http://lippmannwouldroll.com/2010/08/02/privacy-privacy-where-for-art-thou-privacy/ to http://lippmannwouldroll.com/2010/08/02/privacy-privacy-where-for-art-thou-privacy/
 * Added tag to http://0-vnweb.hwwilsonweb.com.sculib.scu.edu/hww/results/getResults.jhtml?_DARGS=%2Fhww%2Fresults%2Fresults_common.jhtml.35
 * Added archive https://web.archive.org/web/20120113003519/http://www.pewinternet.org/Reports/2000/Trust-and-Privacy-Online/Summary/Findings.aspx to http://pewinternet.org/Reports/2000/Trust-and-Privacy-Online/Summary/Findings.aspx
 * Added archive https://web.archive.org/web/20100802122230/http://www.harvardlawreview.org/issues/120/may07/Note_4397.php to http://www.harvardlawreview.org/issues/120/may07/note_4397.php
 * Added tag to http://0-vnweb.hwwilsonweb.com.sculib.scu.edu/hww/results/getResults.jhtml?_DARGS=%2Fhww%2Fresults%2Fresults_common.jhtml.35
 * Added tag to http://0-vnweb.hwwilsonweb.com.sculib.scu.edu/hww/results/getResults.jhtml?_DARGS=%2Fhww%2Fresults%2Fresults_common.jhtml.35
 * Added tag to http://0-vnweb.hwwilsonweb.com.sculib.scu.edu/hww/results/getResults.jhtml?_DARGS=%2Fhww%2Fresults%2Fresults_common.jhtml.35
 * Added tag to http://0-vnweb.hwwilsonweb.com.sculib.scu.edu/hww/results/getResults.jhtml?_DARGS=%2Fhww%2Fresults%2Fresults_common.jhtml.35

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 15:13, 15 November 2017 (UTC)

Seemingly outdated information
Under "Search Engines" it reads:

"Google had publicly stated on January 24, 2012, that its privacy policy will once again be altered. This new policy will change the following for its users: (1) the privacy policy will become shorter and easier to comprehend and (2) the information that users provide will be used in more ways than it is presently being used. The goal of Google is to make users’ experiences better than they currently are.[58]

This new privacy policy is planned to come into effect on March 1, 2012. Peter Fleischer, the Global Privacy Counselor for Google, has explained that if a person is logged into his/her Google account, and only if he/she is logged in, information will be gathered from multiple Google services in which he/she has used in order to be more accommodating. Google's new privacy policy will combine all data used on Google's search engines (i.e., YouTube and Gmail) in order to work along the lines of a person's interests. A person, in effect, will be able to find what he/she wants at a more efficient rate because all searched information during times of login will help to narrow down new search results.[59]" — Preceding unsigned comment added by Jandrocamus (talk • contribs) 12:22, 4 June 2019 (UTC)

The Rumor Mill News, Really?
One of the sources (126) is from a website called "The Rumor Mill News", which seems to be some sort of conspiracy tabloid. On the page itself is a link to a Washington Post article, which would probably be the much better source to choose here. — Preceding unsigned comment added by 156.12.7.141 (talk) 15:00, 6 October 2021 (UTC)

A Commons file used on this page or its Wikidata item has been nominated for deletion
The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for deletion: Participate in the deletion discussion at the nomination page. —Community Tech bot (talk) 01:52, 1 December 2021 (UTC)
 * Screengrab of 'Disconnect', (an internet-browser addon), visualizing the many trackers on the website 'abovetopsecret' (on 141127)-cropped.png

"Physical Adress" is a wrong link
In the beginning of the article, the word "Physical address" is used, which in this context refers to a person's address (the location of their house). But the hypertext links redirects to the physical address of a memory cell in a computer 80.214.127.225 (talk) 17:39, 5 August 2022 (UTC)

Google plus does not exist anymore
It is said that : "Privacy settings are also available on other social networking websites such as Google Plus and Twitter", as though Google plus were still available, while the service stopped a few years ago. 2A04:CEC0:100E:25A5:0:6A:E852:7A01 (talk) 17:49, 5 August 2022 (UTC)

Photo should include information available via the EXIF data
Please include date, time, and latitude/longitude location in the Exif data of a photograph in the photo internet privacy part. 2600:1700:D591:5F10:526:FAD:2:ED24 (talk) 22:28, 12 September 2022 (UTC)

Wikipedia Ambassador Program course assignment
This article is the subject of an educational assignment at Carnegie Mellon supported by Wikipedia and the Wikipedia Ambassador Program&#32;during the 2012 Spring term. Further details are available on the course page.

The above message was substituted from by PrimeBOT (talk) on 15:54, 2 January 2023 (UTC)

4325 Chippendale Street
I get no privacy 2600:1002:B02A:CA96:7467:4D7:FEBC:6DD5 (talk) 22:34, 30 September 2023 (UTC)

Why is this article's neutrality disputed?
Why does the article have this cleanup tag? Jarble (talk) 00:04, 8 November 2023 (UTC)