Dangling domains present massive ongoing safety harm to people, businesses, governments, and institutions. We observed the unique harms of dangling domains during our K12 edtech research last year, and decided to act to raise the issue and encourage others to do the same.
The Research Project Part of our work at Internet Safety Labs is to assess the practicalities of safer technology for the mutual...
Dangling domains dangerously threaten more and more people each day, including students and parents at K-12 schools.
Any visit to a website, app download, purchase of a digital service, or use of new software involves legal policies. People typically encounter both a privacy policy and Terms of Use or Terms of Service (TOS/TOU) policy. But do they understand what functions these two types of policies serve? It seems they don’t.
As we’ve been performing independent product audits over the past year and a half, we received some push-back on our passing criteria related to the automatic translation of IP address to geographic location. Vendors felt that automatically calculating the user’s geographical location was, in fact, a benefit. However, in our specification, that behavior will receive a failing score. At an impasse, we decided to conduct some validation testing with Me-s.
Over the past month, the Me2B Alliance product testing team has been investigating something we refer to as “dangling domains” and the risks they pose to people, especially children and families.
A “dangling domain” refers to any URL/domain previously owned by a legitimate organization or business, but which has been either abandoned due to the business shutting down, or due to a mistake where the organization or business forgets to renew their own domain.
The reality of online data flows is nothing like what we expect. Our personal data flows do not start light and increase with time and trust. Instead, a firehose of personal information is released – and shared with a host of unseen third parties – as soon as we open an app or website. Me2BA’s Respectful Tech Specification V.1 is largely focused on testing for these invisible parallel dataverse data flows.
The Me2B Respectful Tech Specification measures technology behavior against 10 attributes that respectful Me2B Commitments should possess. These attributes represent how technology should treat us and our data at every step along the Me2B Relationship Lifecycle.
Over the course of the digital Me2B Lifecycle, individual “Me-s” (Data Subjects) will have the choice of deepening the relationship through a series of Me2B Commitments with the online vendor, “B” (Data Controller). This guide provides examples of common Commitments and Deals, and shows how they map to the stages of a Me2B Lifecycle. It also reflects social norms for being anonymous, recognized, or known at each stage.
The key to creating a safety standard to measure the behavior of technology is the ability to take several contexts into consideration, including the current status of the Me2B relationship. The Me2B Lifecycle model provides a framework and vocabulary to articulate and account for the dynamic “relationship context” over time when evaluating the behavior of technology.