1303: Profile Info

Explain xkcd: It's 'cause you're dumb.
(Redirected from 1303)
Jump to: navigation, search
Profile Info
It's ok, they'll always let you opt out! Like they did with the YouTube real name profile thing.
Title text: It's ok, they'll always let you opt out! Like they did with the YouTube real name profile thing.


On most websites people are forced to create an account to get proper support, be it technical support or simply ordering products. This usually consists of the user's name, email address, phone number, and also the user's home address if ordering a product that must be shipped by mail. It's not uncommon for the websites/companies to then use that information for presenting new advertisements in the near future, or even sell it to others for their schemes.

In 2013 (publishing of this comic), a recent trend was to allow harvesting of profile pictures and real names, mostly by automated processes with little to no human interaction. The personal information is collected in context with other information, such as the purchase or product review history, and shown to people (typically friends and contacts) who are viewing similar products.

The title text references the fact that most of these companies have an "opt out" option so that your name won't be used, but then emphasizes that YouTube (a subsidiary of Google) at the time of this comic forced YouTube user accounts to be tied to Google+. Google+ required the use of the 'first name' and 'last name' convention typical of western cultures, where one cannot 'opt out' (though these requirements did allow for the abbreviation of names). However, this has not stopped people from using names that aren't their own, but using names like "Barack Obama" and "Chuck Norris". Some similar websites allowed the use of aliases in their initial terms of use, but then later changed their TOCs to prohibit use of "false" names. YouTube was one such system; after the merge with Google+ for authentication, both sites automatically linked your false-name account with your real name account, in some cases banning and blocking people with suspected false name accounts.

To try to put a stop to his own information being used, Cueball sets his last name to "If-you-see-this-name-in-an-ad-give-the-product-a-one-star-review-Smith", a name which includes a phrase that would negatively affect any marketer's attempts to advertise an online product.[citation needed] This name would pass though most harvesting software as-is, and may very well end up being used in such ads, unless some very clever software is able to detect sentences as part of names or similar. In fact much spam is stopped by identifying emails through Honeypot accounts, among other methods.

Hence engineering part of your profile could be a winning strategy to signal to your friends that your information is harvested without your express knowledge.


[Cueball is sitting at a desk, using a desktop computer. He is filling in a form on a webpage.]
First Name: John
Last Name: If-you-see-this-name-in-an-ad-give-the-product-a-one-star-review-Smith
[Caption below the panel:]
How to deal with companies harvesting your profile for marketing

comment.png add a comment! ⋅ comment.png add a topic (use sparingly)! ⋅ Icons-mini-action refresh blue.gif refresh comments!


You think no company would use that name? Seriously? The point of using name like this is that companies harvesting profiles will not be checking the profiles manually, they would have automatic software doing that, and unlike human, this software would not be able to recognize anything weird on name like this. -- Hkmaly (talk) 10:18, 13 December 2013 (UTC)

 +1 informative 11:21, 13 December 2013 (UTC)

I think that it generally goes that the automatic name-searcher things (or whatever the hell it is they're called) have some sort of rudimentary filtering system to avoid picking up spam accounts and the like, but I wouldn't know that much. Besides, if these ads are going to be designed by humans (we haven't made ad-designing robots yet, I hope), then there's going to be at least one person in the loop to check this sort of stuff.CrizBN (talk) 12:02, 13 December 2013 (UTC)

"we haven't made ad-designing robots yet, I hope" -- it's a thing. https://old.reddit.com/r/TargetedShirts 08:47, 21 December 2020 (UTC)
A human would design the advertisement and leave a place for the software to put the elements (name/picture/etc). The software would later present the add putting in account info either at random or of people believed to be connected to the viewer. The human designing the ad would likely run through a number of test cases, but in a large data set may never notice 'poisoned' credentials. HTH. See comment below from Spongebog. JChrisCompton (talk) 16:42, 13 December 2013 (UTC)

To be honest, you technically can opt out of YouTube real names by linking to a Google+ Page, which does not require a legal name. However, the G+ link UI is intentionally designed to make this option difficult to find. 13:58, 13 December 2013 (UTC)

Interestingly Enough, there's been a court case about this kind of Thing, Lane v. Facebook Resulted in the Termination of Facebook's "Beacon" program, which was similair. 14:43, 13 December 2013 (UTC)

Havesting and using Peoples information -- whether names, emails content, email addresses or viewing habits is entirely automated, and hence very clever software is needed to filter out "commentary names" -- no advertiser are reviewing the actual content used gained from these harvesting processes. Spongebog (talk)

I'm absolutely positive this would work, because I've done it. I entered "Fake Guy" as my name on some website (I can no longer remember which one) and now I regularly get spam e-mail exhortations addressed to Fake. 15:36, 13 December 2013 (UTC)

As far as spam is concerned, owning my own domain (more than one!) is a godsend. It lets me register under different <blah>@mydomain.foo for each outlet I 'need' to register with. Alongside a "Fake Guy" type personal name thing, where relevent, each place's emails is essentially marked for life (and obviously any sold-on/stolen-by database beneficiaries). Which is useful, as it allows auto-filing the more annoying circulars in their own folders, as well as the more urgent ones in places that make it obvious I should read straight away! (I could also set it up to /dev/nul or forward elsewhere.) In a previous incarnation (an account, and domain, I used in my Usenet post headers) I also got a lot of "<randomtext>@domain.foo" 'hits', speculatively trying mail addresses I'd never given forth (mostly for 419 mails). Also easy to deal with. Which is not quite the target of the cartoon, but related. And (unless you're welded to the idea of multiple throwaway Hotmail/etc accounts, instead, for a no-cost version of this) you might find to be an additional layer in your anti-harvesting weaponry. (Note: a semi-throwaway "just for registering the domain" mail address might be initially needed. But still keep an eye on it or alter to something like "[email protected]" so you don't miss the domain-renewal alerts... which could be awkward if there's anything else potentially important coming in via that route.) But FYI, for those that don't already do something similar. Oh, and also if any mails might need replying-to (not usually necessary with registrations, these days, with at most a confirmation URI to be clicked on), check out your webmail (or standalone/portable mail app) to see what "identity management" features it has, so you can easily reply from the 'correct' personalised address. 12:46, 16 December 2013 (UTC)

I created an email alias of a 128-bit randomly generated number and changed my PayPal account to use it. I never gave it to anyone but PayPal. Less than a week later, I received a fully "legitimate" DKIM-signed message from an advertiser I had never heard of. PayPal never answered my complaint. 15:56, 18 December 2013 (UTC)