If the 1-day live site is real then it is completely unacceptable. It may be fine to show John from Waikato, or Tim from Auckland, but I suspect there is not more than one Kanwalpreet in Upper Hutt. That person has purchased something and had that information broadcast to the world, which, and I write without even looking at it, is clearly in breach of the privacy act.
Comments are closed.
Hi there,
We proved that the site is real by using the published information to track down and talk to one of the users.
Read more about it here: http://techliberty.org.nz/1-day-finds-that-anonymity-is-hard/
LikeLike
I couldn’t agree more. It is a huge privacy issue especially for those of us with unique (foreign) names. I purchase from 1-day regularly and hey, try googling my name. Off to the PCO we go…
LikeLike
Pretty simple fix – 1-day can simply make it “opt-in”, or even “opt-out” would be better than nothing.
[ ] No I do not wish 1-day to include me in its live map
I suspect the majority of people won’t be too bothered by the fact that they may or may not appear on a real-time map for a few seconds.
LikeLike
What is the point of this?
LikeLike
Privacy isn’t the only issue here, there are serious security considerations.
If someone can get your name and town, they can probably get your street address and phone number from the white pages. This information, plus the information on what you bought and when, provides a lot of ammunition for someone trying to scam via social engineering. Imagine if someone called you on the phone, and they knew what you bought, when you bought it, and the address it was being shipped to. You might be smart enough to question their enquiry, but a lot of people wouldn’t be.
LikeLike
Hiya,
I guess the concept (or idea) is social proof, or some “techy” got a hold of a new idea and said- this is “cool” – wheater it serves a purpose or not!
Paul
LikeLike
Chris – the outcome you describe is one of the key reasons why privacy is protected by law. I.e. breach of personal privacy can have a negative effect on personal security.
LikeLike
1-Day claim to have added an alias feature. http://www.nbr.co.nz/article/shopping-site-tweaks-privacy-busting-feature-133397
However, 1-Day support are unaware of such a thing and just suggested using your first initial instead.
The site continues to post live customer data to the website.
LikeLike
They walk a fine line at 1-day. I bought something on impulse for a friend. Turned out the friend had bought it too so I tried to sell it on Trade Me. Trade Me said it violated copyright law and I wasn’t allowed to sell it through their site!
I’ve also bought an ‘air gun’ through 1-day only to later find out that actual ‘air guns’ require a permit by law. It turned out that what I bought wasn’t an air gun at all, despite being advertised as such on 1-day. I emailed 1-day and they said something along the lines of ‘No we checked with a police supervisor who said we could sell them.’ When I said that contradicted what I read on the police.govt.nz website, they actually said ‘Let’s just agree to leave it there’ and didn’t respond again. Not good.
LikeLike
How daft of 1-day. Why can’t they do it like BookDepository does their ‘watch people’ shop function:
http://www.bookdepository.co.uk/live
eg. ‘Someone in X has bought X’
LikeLike
And if you are screenshotting this and reposting this person’s purchase, then you too are violating the privacy act by publishing it. Although it would have been more in line with your point if you had redacted or altered the personal information first, you could argue that this guy’s info was already in the public domain so it wasn’t private anymore.
I bet Kanwalpreet is happy he didn’t by that male enhancement device instead.
LikeLike
Yes – it was already in the public domain.
LikeLike