Do you want a free pizza?
Pass on this information which doesn't affect you in any obvious way and is already 'public' anyway?
Why not?
Perhaps a note saying you should ask your friend if it's okay before passing on their information?
Researchers from the Massachusetts Institute of Technology and Stanford University have found that people say they want privacy but make choices suggesting the opposite, and can be easily manipulated through interface design, reassuring statements, and pizza. In "Digital Privacy Paradox: Small Money, Small Costs, Small Talk," …
Maybe the e-mail provided isn't a friend's. complanits.departement@microsoft.com for instance.
And presumably the offer is from an apparently trusted source. If Microsoft bought me a pizza I'd check for broken glass in it - I wouldn't eat it anyway but it would affect which recycling bucket I'd put it in.
Just mention casually, accompanied with a charming smile, that they're the only ones who got that specific version* of your email address so if they happened to leak it, you'll definitely know it was them...
* this obviously won't work with john.doe@... - you'd need something like 1234.john.doe@... (and them not figuring out they can just send mail to the base address)
"... people say they want privacy but make choices suggesting the opposite, and can be easily manipulated through interface design..."
...like offering "a faster way to browse the web" all over your site's main page?
- Make Opt-Out the default for every service.
- Force EULAs and TOCs to be in plain-language.
- Recognize that "legalese" is intended to hide important information and use of it is therefore fraud.
- Force data-holders to delete all data about one on request.
- Impose timely and painful fines for any violation of the above.
Easy fix, but it would never get past the Vested interests...
"reveal a friend's email address, something consumers consider almost as sensitive as social security numbers"
1. Email addresses are nothing like social security numbers. They are more akin to a postal address or telephone number and practically public domain.
2. You aren't testing how they think about privacy because you asked for someone else's email. You should have asked for their own email address.
@DropBear:
"An illusion, what are you hiding" (from).
Since I'm a homeowner, I'm not in the same boat. There are public records, and I'm sure that there are a couple of other folks around in the same boat. Your phone number is one of a sequence, so it is technically publicly available - just not directly assigned to you publicly. Certainly, someone somewhere has your phone number tagged with your name, possibly your address, and is using google. Sorry.
<icon is appropriate>
@Alistair, totally agree about the "phone number tagged with your name" thing. There are a bunch of different sites that craftily get a person to share personal data about other people, I'm thinking zoominfo.com and LinkedIn specifically, by giving you free access or other "goodies" if you let them slurp your contacts. Personally I think this is actually encouraging people to break the law since this sort of data should be covered by the data protection act.
@Alistair: I do sympathise with that situation, being the owner admittedly complicates things. That said (and re:phone / Google) there's rather a lot of difference between "knowable, for certain categories of privileged people, with non-negligible effort" and "practically public domain", the original remark that prompted my reply...
A few years ago something similar was done here in the UK. They claimed they asked commuters at a railway station to tell them their login passwords in exchange for a bar of chocolate as I remember. Firstly, most true commuters would have simply ignored them or sworn at them, secondly they had no way of checking the validity of the passwords they got. Stupid publish or perish nonsense.
My password? Oh, it's BdelliumPhthisisMnemonicCzarina(*), where's my chocolate?
(*) Or was that Tsarina at the end?
Exactly. Fundamentally flawed study, didn't ask whether someone would give up their OWN information. If this is protected information they've all fallen afoul of the DPA, because neither the person asked nor the asker was the owner of the address.
This is exactly how TrueCaller operates. Suck your friends' contact list dry and pretend that means they have permission to have all those people's that data. Er, no. That's beyond needing a lawyering and straight to needing a rogering.
It's all about choice.
There are matters in which privacy is important. There are others in which it isn't, and we'd sacrifice it for convenience or other rewards without a second thought. People perfectly rationally make different choices in different situations.
Here's one where I had occasion to curse excessive and unnecessary privacy.