5/13/2005

在线地址本服务

我收到的来自在线地址本服务的邀请现在越来越频繁了。今天我又收到了一封这样的邮件:Add yourself to xxx's address book! Open your invitation
This invitation was sent to my email address on behalf of xxxxxx (xxxxxx@hotmail.com)
If you do not wish to receive invitations from this Ringo member, click here. To stop receiving invitations from all Ringo members, click here.
在我的上一篇BLOG(Please don't show your password to 3rd party.)中,我提到了一些站点的服务存在风险,因为它们要求用户提供邮箱的密码,而这样可能导致身份冒用——实际上,他们已经用我朋友——其中一些名字我比较陌生,因为我不熟悉一些网友的真实姓名——的名义给我发送了数十封这样的电子邮件,而且看起来我将会持续收到这样的邮件,即使是在我注册之后。尽管一些网站声称我可以通过提供我的电子邮件地址来停止接收他们给我发送的邀请,但是这样的方法显然没有生效——和垃圾邮件中的停止接收链接一样,这仅仅证明这个电子邮箱正在被使用,并且准备好接收更多的垃圾邮件。记得蠕虫病毒么?这种收集邮件地址的方法更加简单,而且可以绕过任何防火墙。我建议收到这样的邮件的人在注册之前看看这篇文章:http://www.anu.edu.au/people/Roger.Clarke/DV/ContactPITs.html ,以了解可能付出的代价。OK,在继续讨论之前,让我们来看看这些网站到底是什么。有多少人在注册之前看过他们的服务条款?要使用他们的服务,你必须同意他们的服务和隐私条款并且提供你的个人信息,例如生日、性别诸如此类。第一眼看上去这些服务条块似乎是完全无害的,除了:
http://www.bebo.com/Privacy.jsp

You agree that we may use personal information about you to improve our marketing and promotional efforts, to analyze site usage, improve our content and product offerings, and customize the Site's content, layout, and services. These uses improve the Site and better tailor it to meet your needs, so as to provide you with a smooth, efficient, safe and customized experience while using the Site.

We use your personal information to: troubleshoot problems; measure consumer interest in our services, inform you about offers, products, services, and updates; customize your experience; detect and protect us against error, fraud and other criminal activity; enforce our Terms of Use; and as otherwise described to you at the time of collection.

You agree that we may use your personal information to contact you and deliver information to you that, in some cases, are targeted to your interests, such as targeted banner advertisements, administrative notices, product offerings, and communications relevant to your use of the Site. By accepting the Terms of Use and Privacy Policy, you expressly agree to receive this information. You may make changes to your email notification preferences at any time.It is possible that as we continue to develop our website and our business, Bebo's service and/or related assets might be acquired. Notwithstanding any provision in this policy to the contrary, in event of a merger or acquisition, your personal information may be transferred to the acquiring entity, and become subject to the acquirer's data practices.

http://www.bebo.com/TermsOfUse.jsp

Bebo reserves the right at all times to monitor, review, retain, and/or disclose in good faith any information it believes in good faith that such action or disclosure is necessary to conform to legal and government requirements, or to protect and defend the rights or property of Bebo or enforce the TOU.Bebo reserves the right to collect and distribute non-personal demographic information to third parties. As such this information would not contain any information that would allow your identity to be deduced.

不够危险?来看看这个:(http://ringo.com/about/terms.html)
Modifications to Service
These Terms & Conditions were last modified on January 25, 2005. At any time and without prior notice, Ringo shall have the right, in its sole discretion, to modify, add or remove terms of these Terms & Conditions, without notifying our customers of such modifications, additions or removals, and all such changes shall be effective immediately. Your continued participation and use of this website and/or the Ringo services following our posting of any such change on our site will constitute binding acceptance of such change. You agree that Ringo shall not be liable to you or to any third party for any modification, suspension or discontinuance of the service.
OK,看过上面的文字,我也同意Ringo不liable,所以我不会去注册。因为这个网站的拥有者是Monster.com,我所知道的世界上最大的求职网站,所以从现在开始我不会理会任何类似的邀请,不管这样的邀请来自哪里。

我更加忧虑的是那些要求电子邮箱密码的服务,例如http://www.sms.ac, http://www.bebo.comhttp://www.hi5.com 之类。一些电子邮件服务和其他服务共享密码,例如MSN Money和Yahoo Messenger,而这样的电子邮件的密码被泄漏可能造成的损失不仅仅是发送垃圾邮件而已。很多人——包括我在内——在很多站点(甚至可能是银行的网站)使用同样的用户名和密码。但是,有多少人阅读过并且对法律条文有足够认识来理解它们的服务条款?有多少人知道很多这样的密码要求页面(在我发表这篇文章的时候,我没找到一个反例)完全没有加密措施?通过任何一个路由器——如果有人愿意的话,可以是在网站服务器所在网络上的那个——都可以获得这样的用户名和密码而不违反任何任何服务条款。更不用说这样的安全防护措施是否可以阻止黑客获取服务器上的数据了。

大多数人知道垃圾邮件和连锁信息(把这个信息发送给XX个人你就可以XXXX之类)是不受欢迎的。但是我还是不断收到一些这样的无用电子邮件、MSN和QQ消息——如果我还在使用手机的话,可能还有需要付费的文字消息——这大约占我的日常通讯量的2/3。再次提醒并不会阻止那些不听劝告的人发送这样的信息,但是我希望能够让一些没有被提醒过的人认识到,免费的蛋糕并不是看起来那么美味可口。我也建议你在阅读之后,做一些你自己的搜索和研究来做出你自己的判断。

No comments: