I'm looking for some general help, advice, and technical support that will hopefully be given by members of this community forum.
Tonight, while checking my BT bill online, I noticed the pages where being tracked by a program or script or something called Omniture. A bit of checking tells me that:
"Omniture SiteCatalyst® provides marketers with actionable, real-time intelligence about online strategies and marketing initiatives. SiteCatalyst helps marketers quickly identify the most profitable paths through their Web site, determine where visitors are navigating away from their site, and identify critical success metrics for online marketing campaigns. SiteCatalyst is part of the Omniture Online Business Optimization Suite."
This raises a couple of concerns and questions:
i) This is my private billing data; there's all sort of personal information on there that I don't want people to know.
Q) Is this being sold to some American marketing company based in the USA?
ii) This part of the site is supposedly secure; password protected, https address, etc. My account number and personal bank details, amongst other things, are visible in there.
Q) How can it be secure if every move I make in my own account/billing area is being tracked by this Omniture mob?
This has got me extremely worried!
I'd value any advice and/or any peer to peer support solutions that anyone may have. For instance, is there any way to get the tracking on my billing area stopped, etc?
I use Firefox 3.6 and an add on called Ghostery.
IMO Internet Explorer and BT don't get on.
I have just accessed my BT Accounts to double check and with FF plus Ghostery, Omniture IS BLOCKED.
I don't know if it can be blocked when using other browsers.
Hope this helps.
In addition to this:
touchclarity.com a.k.a. 2o7.net
550 East Timpanogos Circle
Orem UT 84097
There's also scripts and tracking cookies from:
Right Now Technologies, Inc
40 Enterprise Blvd
Bozeman, MT 59718
eCustomerOpinions.com, a.k.a. eDigitalResearch Ltd
6 Berrywood Business Village
Hedge End, Southampton
I don't want to be sensationalist, but this really doesn't look good, especially in such a sensitive area of BT's Website, and may actually be in violation of either:
However, an official statement from BT on the matter is needed to clarify the situation, before people jump to conclusions.
BTW: I'm running Firefox 3.5.6 with both the AdBlock Plus and NoScript plugins, on a GNU/Linux system protected by iptables and SELinux, behind a local Squid proxy that peers to a local Privoxy proxy, then through a NATed router, on to a remote secure VPN tunnel. So the chances of this behaviour being attributable to any kind of malware on my system is ... er ... slim, to say the least.
I am happy to provide you with friendly peer to peer advice and support on this topical issue.
Omniture is part of the behavioural tracking that BT use in order that they may commercially exploit the pattern of your browsing behaviour in partnership with 3rd parties such as Omniture and TouchClarity. There is currently a lot of concern about the issue of consent with behavioural tracking, and the UK law is under review, as it is required to comply with the EU Privacy Directive. The UK government is currently under threat of court action from the EU on precisely this matter. When this is resolved, you can rest assured that the current BT practice will HAVE to change as will that of virtually every other website using BTA in the European Union. Similar action is being considered in the USA. You are by no means a minority, and your concerns are not unreasonable.
I agree that having a commercial tracking facility on an https protected "account/billing" page raises a number of topical issues that customers are entirely reasonable to be concerned about.
BT is a data controller, when it comes to your account and personal information. They are registered as such with the ICO. They may employ data processors to handle their data. If such data processors are outside the EU area, then they must agree to observe the EU regulations. In the USA this is dealt with by the Safe Harbor Agreement. Unfortunately customers may still have reservations, and their trust in these agreements and undertakings can not always be taken for granted, in the light of recent history.
I use an MVPS HOSTS file, which includes entries to block 2o7, Omniture, and Touchclarity. I also use Firefox 3.6 with ghostery (although not too sure about that one, it has just been sold to an ad company!), and NoScript. I also do not allow cookies by default. I also use FF addon TACO - which sets optout cookies for virtually all of the ad tracking cookies. Once those have been set you can then block cookies (and allow exceptions one by one as required - usually just session cookies). Firefox can still remember login passwords without having to set permanent cookies.
Speaking of Omniture/TouchClarity - the BBC website recently got "caught" using it on UK sourced visitors, contrary to their charter and had to withdraw it for all UK visitors because their Charter forbids the use of such commercial activity.
The key thing to remember is that your browsing behaviour patterns are YOUR data. That data belongs to you and has commercial value. You have rights over what is done with it, and no one else can over ride those rights.
If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.
It does not apply to Omniture. It does not discuss onsite tracking by 3rd party cookies.
The section about sharing information with other parties says this: (it is not clear how this relates to Omniture)
|Do we share your personal information with anyone else?|
|As a normal part of our business we share with other communications companies information for connecting and charging for calls over each others networks.|
We sometimes use other companies to provide services to you or to provide services to us. To enable them to do this, we may need to share your personal information with them. When we do so, these companies are required to act in accordance with the instructions we give them and they must meet the requirements of the Data Protection Act to keep the information secure.
We may share your personal information with other parts of BT to enable them to conduct their own businesses and to market their products and services to you. We provide this information in accordance with our code of practice on the disclosure of customer information. This code limits BT´s ability to share information in this manner and is intended to prevent BT gaining unfair competitive advantage over its competitors.
We may share your personal information with other companies so that they can contact you with details of other products or services you may be interested in. We will only do this if you have agreed to this and where the companies agree to use your personal information for that purpose only. If you have agreed to receive information about products and services from another company and later decide not to you will need to contact that company yourself to let them know. You can of course ask us not to continue to provide your personal information to any more companies in future.
We may provide information, in response to properly made requests, for the purposes of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for the purpose of safeguarding national security. In either case we do so in accordance with the Data Protection Act. We also provide information when required to do so by law, for example under a court order, or in response to properly made demands, under powers contained in legislation.
If there is a change (or prospective change) in the ownership of BT or any of its assets, we may disclose personal information to the new (or prospective) owner. If we do so, we will require them to keep it confidential.
If you believe the personal information we hold on your is incorrect you may amend it by following the procedure set out below in "How can I change the personal information BT holds about me?"
In order to determine what is happening on a visit to an https site like "my account/billing" you may wish to use tools like the Firefox error console or the Java console or other browser logging to determine what requests your browser is making, and what information is being sent included with the Omniture data. It can be a complex area. This information is provided to assist users in their enquiries about internet security, in a spirit of friendly peer to peer support and advice.
- Omniture is a standard web tool used by thousands of companies worldwide.
Thanks for the reply, KerryG.
I know what it is and I couldn't care less how many companies use it, I don't want it tracking my movements on the supposedly 'secure' My Account section where all my personal private data, including my banking details, are.
That document is huge; neither the word "tracking" nor the word "Onmiture" appear anywhere on it and thus there can't possibly be instructions to turn it off.
I'd be grateful for a more specific guide to turning this tracking off, please, without having to use an outside add-on.
DS. Thanks for the advice about Ghostery. I am already currently using it to block this stuff (using the test 2.0.3 version that doesn't hang FF). My main concern here is that Omniture (a company outside the UK) is being allowed to see what I'm doing in an area of the site that is supposed to be private and secure; only I should be able to see what's going on in that area.
DV. As always, great info, I'm very much obliged to you for your friendly peer to peer advice and support.
"Omniture is a standard web tool used by thousands of companies worldwide"
Ominture is a company which engages in dubious and deceptive tactics to harvest data, and as such I don't trust them, and really don't think BT should either:
It all began with a post at UNEASYsilence titled "Lies, Lies and Adobe Spies" which caught on to the fact that Adobe CS3 apps were calling out to a suspiciously-crafted IP address. As it turns out, the IP in question—192.168.112.2O7.net (note the capital O instead of a zero)—is not an IP at all, but rather a domain owned by statistics-tracking firm Omniture. Criticism and conspiracy theories quickly erupted across the web, calling for an answer from Adobe over what looked like a clear invasion of privacy crafted to look like a typical local IP address.
Adobe's final response to why Omniture used this deceptively crafted address is "we can’t find anyone who remembers".