Shostack + Friends Blog Archive

 

Privacy and "Required, not used"

So, I was commenting over on Econlog, and noticed this:

“Email Address (Required. Your email address will not display to the public or be used for any other purpose.)”

So, umm, what is it being used for?

This is both snarky (obviously) and serious (less obviously). The less obvious part is that information is being collected for no apparent reason, because some developer thought it would be good as an anti-spam measure or something. The lack of clarity is in violation of the basic privacy precepts of notice and purpose-specification, as well as minimization. Those are sometimes hard concepts for developers to grasp. We have a team of people to help developers through them, and get to the right results.

Maybe Microsoft Privacy Guidelines for Developing Software Products and Services should be required reading?

“Signs of our times” photo by Thomas23.

6 comments on "Privacy and "Required, not used""

  • Nikita says:

    Hmm… this may be a good time to change your own comment form to explain why email addresses are being collected.

  • Adam says:

    It’s optional, but I should clarify that. Removing it actually broke some Movable Type stuff that I didn’t have time to dig into.

  • Submitting my e-mail address is a “gesture of legitimacy”. I am saying that I am serious about committing my views and I am willing to ‘sign’ them with the label that establishes me in the network world.
    I know that I have reserved my e-mail address in certain circumstances because I did not feel that the site warranted or deserved my personal affirmation.
    Note: While it may or may not be displayed here I did personally affirm this comment with my e-mail address.

  • izzy says:

    So, umm, what is it being used for?

    They explain in their FAQ:

    Why is your email address required? Security.
    Examples of our use of your email address: If someone else were to claim to be you and want to cancel one of your posts, we would email you first to verify the request. We send occasional verification or warning emails to individual commenters for various other comment-related reasons.

  • adam says:

    Huh! Thanks for digging that out, Izzy. Emailing commenters, of course, is the other reasonable use of email addresses, but it should be both easier to find and spelled out.

  • William,
    I understand what you’re saying, but absent authentication of what you’ve posted, I’m not sure it functions like that.
    For example, I can sign this post, and that seems more an attestation than what the blog sw displays.
    Adam
