On Why A-plus.net Sucks and Privacy Policies

Last week, during the Attention podcast with Steve Gillmor, I made the claim that many companies were selling my information without my “explicit consent”. Steve strongly disagreed, saying that by using their service I am agreeing to their policies. In other words, the agreement I make when I use Gmail isn’t just about Gmail, it’s about everything that Google stuffs into their privacy policy, whether or not I’ve read it or understood it.

We were talking about this the other day in the office. Our founder Jared, whose father is a lawyer, said that Steve was technically right, given that “explicit consent” is a legal term and by using a service I am legally bound by their privacy policy. (Jared has a great writeup on privacy policies today on Brain Sparks. He asks: What are we agreeing to? )

The problem, as Jared points out, is that privacy policies are not made for real human beings, they’re made so that companies can cover their ass if someone takes them to court for doing evil things. So, given that agreeing to a service (like domain registration, for example), means that we agree to everything the company includes, however vaguely, in their privacy policy, we as customers really need to start paying attention to what companies are trying to slip past us. And I mean that: they are definitely trying to slip stuff past us.

Yesterday I was contacted on my personal cellphone by the hosting company A-plus.net, who told me they are the biggest hosting provider in the U.S. After telling them that I didn’t need any hosting, I asked them how they got my phone number. The guy said that it was from a mailing list. I asked him where the mailing list came from. He didn’t know. I asked to speak to someone who might know. He put me on hold. A minute later he came back and said that he was forwarding me to his manager, and that if I didn’t get through to leave a message. I was then transferred to a line that rang five times and then disconnected.

Now I don’t know if it was an employee of A-plus.net that I was speaking to, or some reseller, but A-plus.net sure as heck aren’t getting my business. And neither are any companies that I find out are selling my personal information, even if I gave them legal consent by using their service. If I don’t give them the equivalent of direct permission, then consider none given.

I’m sticking to my guns on this one. I still view a privacy policy like the ones on Gmail or Hotmail as implicit consent from a practical, if not legal, standpoint. Nothing about it is explicit. It is neither clear, nor straightforward, nor precise, nor exact, nor unambiguous. All of these make something explicit, and very few privacy policies fit.

So for me, the sh*t has hit the fan. I’m going to be a lot more careful now, but I suspect that it will take something very big to get this pain out to everyone. Or maybe just a cold call to their cellphone, perhaps, like I got yesterday.

I wonder if these companies are surprised when I blog about how displeased I am and say things like Aplus.net sucks. I’m no Jeff Jarvis, but I do know his email address.