A few months back we covered Ask.com's AskEraser feature, which was touted as a way of enhancing user privacy by allowing them to opt out of personalization features that involve collecting personal information about users. We praised Ask for focusing on privacy, but questioned whether the feature was more marketing gimmick than serious privacy enhancement.
Still, we apparently weren't nearly as incensed as the Electronic Privacy Information Center, which went so far as to file a complaint with the FTC alleging that the service failed to adequately protect user privacy, because it set a cookie that included a down-to-the-second timestamp that could conceivably be used as a unique identifier. The only problem is that Ask fixed the problem weeks ago,
replacing the timestamp-based cookie with a simple "yes" or "no" setting indicating whether the feature was activated. EPIC apparently didn't notice this, and plowed ahead with its complaint to the FTC. Ask.com even says that it "tried to engage in a constructive dialogue with the group last week, and was rebuffed." I found the response of EPIC Executive Director Marc Rotenberg particularly striking. He says the snafu is Ask's fault for not responding promptly to EPIC's threatening letters. And he says that AskEraser is "a nutty approach that does not scale." Rotenberg, in other words, seems to feel entitled to second-guess the details of how companies implement their products. Rotenberg certainly knows more about privacy law than I do, but I highly doubt that "nutty" or non-scalable privacy features are against the law. And I certainly don't think we want to get the FTC involved in second-guessing every detail of how websites are implemented.