Is A Picture Worth 1,000 Spams?

Every now and then, one of my friends will send me a link to an on-line photo album that they’ve created at one of the commercial photo-hosting sites. Unfortunately, I’ve never actually seen any of these photo albums because these sites all require you to “Create an Account” in order to view the album.

No thanks.

Here’s the thing: I understand that the website is providing a service (hosting photos), and that that service incurs costs for the website. I would be more than willing to pay a reasonable fee for that service, but no such “reasonable fee” exists. Let me explain. (And let me also explain that I’m not singly out any particular website, or even photo-hosting sites in general; it is any website that wants you to sign-up to get “low value” content).

Imagine for a moment that we had some form of micropayments or e-cash and that it was easy for people to buy and sell goods anonymously over the internet at large. Now I can decide what viewing a photo-album is worth to me, and what I think it should be worth to the hosting company. I might decide that it’s worth a dollar, or maybe twenty cents, or maybe five dollars; the exact value doesn’t matter. But I know what “spending a dollar” means, and I can relatively easily make the decision as to whether viewing those photos is worth $1 to me (and that the hoster deserves $1 for providing the service – note that even if I had infinite resources, I still wouldn’t want to be ripped off to the tune of hundreds of dollars just to see a couple of pictures).

But the currency of the internet isn’t cold hard cash, it’s PII (Personally Identifiable Information) – your name, e-mail, age, and anything else you are willing to cough up. There are two problems with this:

  1. I don’t know how much giving up my PII is going to cost me in the long run
  2. I don’t know how much my PII is worth to the website in the long run

Looking at the first point, I know what “spending a dollar” means. It’s going to cost me exactly one dollar. If I spend the dollar on the photos, I won’t be able to it on a cup of coffee or a movie ticket or the next Pet Shop Boys album, but I’ve got a couple of spare dollars lying around for those other things, so it’s no big deal. I spend the dollar exactly once, and ten minutes later I’ll probably have forgotten about it. I certainly won’t be caring about that dollar next week, next month, or ten years from now.

But you can’t say the same for PII. It only takes you a few minutes to type it in (which, depending on how you value your time, may already put you well over the $1 threshold -- especially if you actually read the Terms of Service and the Privacy Policy) but once you’ve given it up you can never get it back. Now you might start getting “promotional offers” from the site in your e-mail and possibly your postal mail. They might sell your PII to a third party who will send you even more “promotional offers”, and this could go on indefinitely. Five years from now, even though you’ve forgotten about ever visiting the web site, you could still be getting spam from a bunch of folks who have your PII.

But wait, there’s more! If the hosting site or its affiliates, agents, successors, blah blah blah ever get hacked (or they lose their backup tapes in the mail, or they fall off the back of a truck, or... I’m sure you’ve read all the stories), your PII may land in the hands of real criminals. Now it’s not just unwanted e-mail or flyers from “legitimate” advertisers that you have to worry about, it’s malicious or fraudulent e-mail that might lead to spyware infection, identity theft, or something even worse.

Is it really worth that to you?

And on to the second part; what’s it worth to the website? Again, you probably have some idea of what $1 means to a website (because it’s the same currency that you use), but it’s impossible to quantify what the value of your PII is to them. Over time, they might use it to spam you; they might sell or rent your information to an unlimited number of other parties; they might combine it with other data from other websites to build up profiles of users; and so on. Note that these activities may not cost you anything (they don’t figure into #1 above), but they do provide value to the website... possibly a lot more than the $1 you might have valued the transaction at originally. So you’re effectively selling yourself short by giving away a goldmine of information for a couple of piccies on the net.

This is why you should always read the Terms of Service and the Privacy Policy and any other related documents before signing up to any web site. Even then, you’re not necessarily safe. Many sites effectively say “we reserve the right to change this at any point in time... you should come back and check our website regularly!”. But even if you bother to go back and re-read the site every so often (once a month? a week? every hour? How often is often enough?) it probably doesn’t matter. If they change their policy to be “We will sell all your PII to the highest bidder”, what can you do? It’s not like you can decide you no longer agree and take back your information. They’ve already got it hostage.

Now, some of this might sound sensationalist, and I don’t know how likely any of it is to happen.. I’ve never actually made it all the way through the ToS or PP for a photo hosting website, because usually after several minutes of slogging through the legalese I decide to cut my losses and close the browser. But as far as I’m concerned, it’s Just Not Worth It.

Comments (8)

  1. Me says:

    So put in false information.

    Other workarounds are and

  2. Dean Harding says:

    Hear, hear!

    If someone sends me a link to a photo site, and if I feel like I REALLY want to look at the pictures, I’ll sign up with a throwaway email address (the cool thing about having your own domain is you can make up throwaway email addresses really easily) and fake everything else. Then, once I’ve finished looking at the photos, I’ll delete that email address and never use it again.

    I don’t understand why they want you to sign up just to LOOK at photos anyway. I can do it for free without a computer, why would I want to go to actual TROUBLE to do it on a computer?

  3. ptorr says:

    The trouble is that sometimes the ToS that you "agree to" says that you won’t use a fake address (or, more likely, that you will "keep it secret" or something like that…) so things like BugMeNot are probably against the rules :-/

  4. Chris Moorhouse says:


    1. To begin with, I don’t know what _anything_ is going to cost me. Sure, it’s just a dollar now, but when I think about the number of times I got the shaft because I needed just one more dollar handy, I get a little choked. I don’t know what being away from the phone might cost me, nor what hanging around it might cost either. Which brings up the other thing, what’s the cost of _not_ signing up? Whatever’s on the website might seem trivial now, but I can attribute most of my life’s events directly to a childhood belief that pigs were cooler than sheep (is that trivial enough to create an example?), so sometimes I’m not so sure about exactly what constitutes a "trivial benefit".

    2. I bought a house, so my name, my wife’s name, and my home address are now a matter of public record. The email address with which I sign up for things circulates a lot, and would be easy to snatch if anyone cared. My home phone number might be a little more difficult to come by, but I kind of doubt it. On the whole, there are probably cheaper and easier ways come by the information these sites are requesting than putting up a website that provides a service that I want to use.

    The big barrier to me is the time spent signing up. It’s just so flippin’ annoying! By the time I’ve figured out where my unit number goes on any given form, I’m usually so bored and irritated that I give up. This tends to cost me a lot in terms of 1(b) above.

  5. Jason Coyne says:

    Two solutions for you.

    1) get your friends to use smugmug or flickr. They dont do naughty things like that.

    2) Use sneakemail. Its not “throw away” like mailinator, and its not open, like bugmenot, but you can create a new email address for every website, that gets redirected back to your real address. You can filter inside sneakemail, to get rid of spammers (say amazon sells your addy – you still want email from amazon, but not anyone else)  or turn off the whole address at will.  I am very promiscuous with email, and I get almost no spam (except for the “try every possible address” spam), sneakemail took care of it all.

    Of course, that only works on a “virgin” address, if you are already compromized, no soup for you!

  6. tony roth says:

    sounds like

  7. ptorr says:

    Hotmail is where you *get* an address. You need to provide a username / password to keep your e-mail confidential.

    They might ask for other info (I don’t recall right now what they ask for), but at least with e-mail you get on-going benefits; it’s not a one-shot deal.

  8. Mike Dunn says:

    Who actually puts their _real_ info into signups anymore? Or, looking at it from the other side, why do sites collect such info anymore, knowing that most of the info they get is utter crap and worthless?

Skip to main content