The Tracking Debate
A journalist at the NY Times emailed with me the other night about tracking technologies on the web. I knew she was working on a Room For Debate series. I didn't actually realize my email was going to be printed verbatim. I might have edited it a bit. But I totally stand by what I said.
Here's the thing. I've always felt that the majority of web users understand that tracking technologies provide value and that they put up with them even though they are slightly creeped out by them. I also feel that there is a small but vocal minority out there pushing the privacy agenda. I stated that view in the comments the NYT printed.
And if you look at the comments, you can see that the vocal minority is out in force. But you barely hear from the silent majority.
I think the silent majority ought to speak up or we are going to risk losing one of the most important and powerful technologies on the web.
So you’re saying that people shouldn’t be able to opt out of tracking, even if they want to?
no, please go read the NYT linkin it i said:Web and mobile services that use tracking technologies should alsooffer an easy opt out mechanism that is easy to find and execute.i am all for opt-out. it is critical that we have it be the law of the land
Ah, I missed that line and skipped to the comments. :DI’m not quite sure what the issue is, then – people who want it can opt out, those who don’t can continue on as usual. Why is there a “risk losing one of the most important and powerful technologies on the web”?
because the privacy advocates won’t stop at opt-outthey want tracking shut down
You’re making quite a leap, there. Everything I’ve read is about a global opt-out, same as the Do Not Call register. This seems like the most likely outcome, given that it’s basically the application of an existing concept to a new medium.Sure, there’ll always be people who go overboard, these are the same people who have their emergency log cabin out in the wilderness – policy isn’t made or even influenced by them.
Not true. I don’t care about seeing ads or even targeted ads, as long as the targeting is based on the current session or on a logged-in relationship with another party like Amazon.What I do care about is having my personal information collected, stored, aggregated, used, and abused by unknown actors, with no real recourse. That entire process is in most cases completely opaque to users. Mechanisms like supercookies and device fingerprinting have no business being used on unsuspecting surfers.If some people actively want tracking, fine. If many people just don’t care that much, fine. But ignorance is no excuse to continue bad practices either. When people are told what is happening behind the scenes, they like it less. Education is key, as are real options for being left alone to surf the web in peace.
What annoys me about opt-outs is how they’re so often hidden at the end of a process or buried deep in a site or registrations page.Making me stop hard and think about — what does that mean for me? Is really a totally annoying question that trips up my day because I don’t know the site yet nor how i’m going to use it and I don’t yet understand the full context of what i’ll be sharing and seeing on the site.So i’d like UI to take on the challenge to quietly and gracefully weave opt-out options for the moments when I actually should consider doing the deed.
Privacy advocates want opt-in, disclosure, and the rest of the Fair Information Practices. It’s not like it defies the laws of physics to implement that as part of a tracking system.
That is highly problematic. That would be like saying ban linking on the web.
I’m with you on the value of tracking for users and businesses.But privacy is a cultural thing, not just a technology choice. The O’Reilly’s article linked below in Related had a good line:”The underlying difficulty in designing a simple Do Not Track mechanism is the subjective nature of privacy. What one user considers harmful tracking might be completely reasonable to another.”This is not a simple Track/Do not Track solution. I wished there were universally accepted standards that were easily understood by end-users (and not buried in 3 levels of browser configurations with obscure language that few understand).There is a new FTC report on this and they are asking for comments. Any reader interested in thus issue ought to check it out. http://gov20.govfresh.com/f…
Opt in not Opt out should be the standard.
that won’t workhow can i opt into every tracking service that i use?that would be a huge burden on me
Personally, I don’t see it as too big a burden, first time you visit a site you get asked if you would like personalised recommendations yes or no.I’m not against personalisation, I just think the choice should be mine up front and made very very clear about the mechanism and where the data is going. Or if it has to be opt out then it’s really easy to do so, not hidden 5 menus down in the account settings.Amazon do an ok job of recommending stuff, they did start bombarding my inbox with recommendations based on what I had looked and I discovered I had magically been opted in to every single email alert that they had, so I had to dig into the account settings and turn them off. That’s the type of tactic I disagree with.
Would you have to re-answer that question when you enter for the first time from different devices? My guess is yes, unless you log in and they carry over your settings….no?
I think your right Tereza and I can see the problems, I just like transparency.
The most powerful and magical tracking technologies are cross site internetwide implementations. I want to be tracked. I want the web to understand mebetter. And I think most people, if they think about it, would agree with meon thisWhy should the privacy concerns of a vocal minority cripple magicalexperiences for the silent majority?
I like what TBL has to say below:[My web history is] mine—you can’t have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I’m getting in return.” —Sir Tim Berners-LeeI’d like to experience what you are talking about, do you have any good examples I can try out?
Fred,You are treating this as an on/off switch. But it also may be the wrong way to think about it. Sure web services provide us with a ton of value often for “free”. This model serves the successful providers and most users well. But there is a line that is often crossed. Rather than one switch, it is really a series on n switches. As you correctly point out, users shouldn’t have to manage a matrix of these switches. But that is not a good enough argument to say that they should all be on. The industry needs to do a better job of finding better proxies to determine which should be defaulted to on:Context matters. If I am trying to sell something, looking for a job or seeking broad attention, then tracking switch is on. But if I’m researching medical or other sensitive information, it should be off. The Web should know this and do a better job of providing these services.
i agree, but we have to make it simple and easyi like what tereza suggested in a comment in this thread
Would it matter or effect your position if you found out that you are wrong in thinking that “most people, if they think about it, would agree with me on this”?
how would we find out?surveys are only as good as the questions you askyou can get them to tell you anything you want
I’ve been asking myself the same question since I left the comment. Trying to answer it raises, I believe, some issues that demonstrate that it is indeed difficult if not impossible to get an answer – but also that your working assumption is probably not valid.How to reach “most people” – damn near impossible. You could probably gain access to a small subset of people – tech-savvy and opinionated on the matter – there will you will probably find two clearly opposing positions. Interesting how the stats would break in this group (surely you can publish such a survey within and hopefull through the avc.com community!?)… but still not representative of the general Internet population.Let’s assume you could reach “most people” – “most of them” do not know what the issue is and you would have to first explain it to them. Assuming you could do that – you would need to carefully ask good questions to get something that resembles an objective picture.Now … what if “most people” don’t care? Does that entitle you to make a privacy-invasive default choice on their behalf.There are just too many issues out there (at least in my mind) for you to assume your assumption and build on it. That is unless you qualify it as something “you want” instead of something “you think”!
The problem with opt out is that often I dont know that I am being tracked. If I am told that i am being tracked like Amazon, then I can decide to let it continue or opt out.
I think “opt-in” like any other web services and later with an “opt-out” is the right thing to do.
won’t worktoo hardif there was a single opt in for the entire internet then it might work
Not a bad idea. Perhaps the tracking industry should look at self-governing and create a universal dashboard that as a user, I can customize. That way I can ratchet up my tracking so that I get more relevant ads while someone else can ratchet theirs down so they don’t feel invaded.If all the methods of tracking become transparent (and better understood by the users at large), then two things will happen:1. Companies will be less tempted to implement subversive tracking techniques.2. People will be less “creeped-out” once they understand how the technology can serve them.It wouldn’t be an easy undertaking to create this “Internet Privacy dashboard”, but it’s a step in the right direction for the industry to at least appear like they are being proactive — didn’t Google recently offer something like this?
There can be an almost single opt-in for the Internet – it can be device based – such as a browser setting … but I really can’t see Apple and Google respecting such a setting on, for example, mobile devices – when their business strategies are founded on invading privacy.There can be (or at least movement towards) a single opt-in for the internet if a standard such as openID was widely embraced (instead of the big Internet power-brokers fighting to own user identification).As for the aggressive privacy lawyers who you say won’t stop at opt-out – I feel you are being a bit dogmatic. It takes a strong force and position to push back against the forces that commercial are already in play. Maybe if the industry showed a little more respect for privacy – the offensive would tone down accordingly?But to me the most interesting challenge – is how to settle such a debate. Tracking technology can and has been useful. Tracking technology can and has been abused. Some people are against it some people are for it. For the record – most people (the silent masses) have no idea there is an issue or a debate. If you can’t find a solution to accommodate everyone – how should this debate be settled? Is the way it is currently being settled the best way to go about it?
Isn’t the entire internet already opt in? I mean no one is forcing people to use it…and for better or worse, I think people *should* understand that by going online, you’ve opt’ed into making certain data points public…
Fred, I was the first one to weigh in on your side. As I stated then, you’re completely right about this issue. The amazing explosion of Internet innovation that we’ve seen (and are seeing accelerate) is because there’s a way to make some money (finally). People are going to have to understand two things about the future: (1) they’re going to have to pay for content; and (2) they’re going to have to endure advertising. The old way of putting the whole burden of profitability on the advertising sales team has crippled our newspapers and magazines. Internet companies are going to have to reach profitability (eventually) and consumers will pay for it somehow. If we cripple the advertising mechanisms the inevitable result will be more directly expense content. QED.
What do you think of the FTC recommendations?http://gov20.govfresh.com/f…
Looks like a mini firestorm brewing here in the comment section.If you were looking for a place where the silent majority was going to come to your aid – I’m aftraid the NYT is not necessarily the place.The funny thing about the debate is that it is actually not a passionate debate on both sides. The privacy nuts are very vocal and passionate and the rest of us are like “Meh!” – and could care less.Ultimately – you give the privacy people the ability to opt out and the problem should be solved except for the small minority who really want to then impose that view on everybody – which is the same as any group that is passionate about an issue: look at religions or the pro choice and pro life camps.The funny thing, to me anyway, is that advertising is inevitable in a free media society – someone has to pay for the content. Perhaps they would like to strip out all of the ads from the NYT and see what the content costs them in that case.As long as you understand that fundamental fact, then the next logical question is: if I am going to see advertising regardless – then how do I get ads that are contextually relevant – that are going to mean something to me? How can I make it so that the advertising I am doomed to see becomes entertaining content for me – like I am reading a fashion magazine?I’ve never fully understood the privacy argument. Yes, having people follow you around outside of your house and recording every one of your moves is creepy – but it isn’t illegal – and quite frankly it is not all that interesting. When you leave your house physically and go to a public place – or a series of public places (to the dry cleaner, to Zabars, to the movies, to CVS, etc…) you are going out publicly – you are exposing yourself to everyone out there – and are targeted by advertising and promotions based on where you live – what kind of stores you are frequenting – what sort of goods you are buying.When you do the same thing on the internet – you may be sitting in your bathrobe at home – but you still going to public outlets and are being marketed to the same way. If you can personalize that experience, why shouldn’t you.I guess I always wonder, what are the privacy advocates so worried about? What are they hiding? Why do they believe that they are entitled to more protections in the electronic world than they receive in the real world? Why do they believe that content shouldn’t be paid for in any way?Free start-up idea to close: start a company that goes to all of the large web publishers and looks at their CPM’s – and then aggregates and markets to privacy fanatics – charging them the lost revenue opportunity for the largest websites – and then stripping out the advertising from those sites. The publishers are no worse off, the privacy advocates have what they want and you collect a fee as a middle-man.
Test: Disqus won’t accept post
(Really weird Disqus behavior on this on several attempts to post, sorry. Errors and self-replicating content.)
I wish the tracking technology worked even better!I hardly take the time to opt out of anything and mostly I see generic ads, or worse, “Mom’s teeth whitening” or weightloss ads (unless somebody out there is trying to tell me something….)
What that “vocal minority” fails to understand is that we are tracked during almost every transaction. After all, the best business practice is metering as much as possible in order to see trends and be prepared for adjustments in operations.It seems to be a common theme in the comments on NYT that people think that cookies track what people do on their computers. They do not understand that when they are surfing the Internet, they interact with servers and browsers are simply a “window” to see what is on those servers. The correct analogy is brick and mortar businesses tracking the behavior of their patrons either visually or with loyalty programs.The analogies presented in NYT comments are incredibly wrong. Postal carriers reading letters or telephone companies listening in on conversations can be compared only to e-mail ads. Everything else works differently because tracking is based on how people access the content owned by others. It is the same as postal carriers or telephone companies studying the patterns of correspondence to see whether they will need more staff or equipment to handle certain directions.
I’d like to see some actual data for the notion that a “silent majority” both understand and agree with something like your proposition.I’m not inherently anti-tracking. I think there is a bargain to be made, and do not object to, for instance, Amazon treating the store as a panopticon. At the other end of the spectrum is Facebook (beacons everywhere, and currently the way to “opt out” is to blackhole their DNS entries, which I do, but how many folks run their own DNS?) and the browser fingerprinters, with whom there is very little to be done, because you don’t even know who they’re working with.What sort of informed consent can there be with the creepier end of this stuff?
Interesting study on this came out in 2007 – http://people.bath.ac.uk/aj… root of all of this comes down to two things:Some observations…..1. The way people define privacy on the internet is incredibly broad. People bundle any time of malicious possibility as a “threat to privacy”, including viruses, spam, spyware. In an internet surfer’s mind, having tracking cookies on your computer is bundled into a category of things that can lead to disastrous consequences. 2. The more experience someone has with the web, the more likely they are to better define privacy, and take actions to protect themselves. I would also argue that people’s definitions of privacy evolve as they become more comfortable with the internet, and that they are more open to such services as tracking cookies, as they have been exposed to the benefits.This having been said, an astounding number of people across numerous surveys respond with a “yes” to questions about privacy on the web….
I love showing up to a site when logged into Facebook and it knows who I am, it’s like Facebook calling ahead to the hotel I’m checking into to assure a great experience with the Manager. What I don’t want is the feeling that Zuckerberg has a PI following me around the internet covertly photographing me, compiling a dossier and selling it to any bidder. There is a distinction between the two which happens to be legitimate use and legitimately creepy.
Count me in the silent majority. I’m fine with tracking. I find it interesting that a lot of people who fear tracking are the same people that say, “Oh my TIVO is so great at predicting what I want to watch.” Not sure why so many people get bent out of shape about it when it crosses over to the internet.No difference to me, it’s all great when leads me to something I’m interested in.
I completely agree with this post and see both sides. But let’s approach it this way: If we know the vocal majority is going to get stronger over time and not fade (very high probability) then how should that direct our actions? Standing up and making great points on behalf of why tracking is good will never get the message delivered. The answer is somewhere back up/ down(?) the decision tree. The social trend is about control….the desire for and to control. It is growing….not shrinking. You have to get scanned or searched getting on an airplane. That’s just how it is so we turn over that control. But…we will take it back where we can….and this is one of those places.
Could the debate be put to rest by educating the public on the value of tracking? It’s the “advertising” industry! They can’t spin this and win?Tracking makes your web browsing experience more meaningful. Pages, content, ads and social connections are more meaningful when your preferences are known and understood. The alternative is to wait for less meaningful pages that deliver far less value…The “industry” should perhaps enable people to do simple A/B comparisons (tracking on or off). I will take the banner ad from my favorite rock band over the banner for belly fat reduction every time.
i think the tracking that advertising companies do is the hardest to defendwhat i am defending is the personalization of the web, insuring that the web knows me and can deliver a magical experience for me
Sure, that’s cool, warm and fuzzy :)The underlying motivation for most sites is to drive commerce. I think the underlying goal deserves equal defense and doesn’t need an abstraction layer of frosting. It’s win win all around. Less commerce = lower value / lower quality content. Outside of YouTube, the adage “you get what you pay for” applies here.Polarization on this issue is never going to cease. I want to win over the middle by giving them simple arguments they can use at the dinner table. For example:ads + tracking = ads as…content (engaging ads from your favorite band) ads – tracking = distracting ads (whiten your teeth, flatten your stomach)take your pick. there’s not much of a middle.compared side by side, the page with tracking delivers far more value (ads included)”I want to remain anonymous” equates to saying “I want to remain random”. Who has the time to be random? (fill in the blanks with insinuating adjectives)
Interesting topic and comments, as usual.I am not convinced that anybody has the appellation “majority” v “minority” — vocal or otherwise — right.Remember most folks who are here in Fredland are quite technical Illuminati in their preferences, knowledge and expertise. We are in a fairly small little fishbowl of our own making but it may not be even close to a majority of anything.It is difficult to embrace that while surfing the ‘net at 2:00 AM in my PJs, that anybody has a “right” to see what I am doing on my computer in my office. Nor does it seem a huge burden to have to say —“By your leave, Sir?” to be able to read my every keystroke.It seems patently unfair to make the leap of faith that it is MY duty to obscure the lens. Privacy is a messy business but the presumption that the default condition should be complete access seems to me to be nonsense. I thought we were trying to get everybody out of our bedrooms.If there is a presumption of a right of privacy in our Constitution sufficient to prop up abortion, it is difficult to believe that one does not have a right of privacy as to who is running around inside the motherboard, no?While I think there is truly no privacy in the world in any manner — witness Wikileaks and the inability to even safeguard Hillary’s noodling — I simply don’t trust anybody to safeguard what little remains.
You’ve found the magic bullet. “We’ve been tracking you across the web. Here are some movies that other people that are considering an abortion and have a credit score of 568 and a rash inside of their nostrils also liked!”
How’d you know about my nostril rash, Andy?
It was that movie both of you mentioned loving on Twitter — it was a Hunch he had…
I’ve heard nostril rash can be caused by leaving said nostrils over a strong glass of scotch for too long…
My eyeballs just bulged out of my sockets in shock.
I tend to zone out of the privacy debate because it’s too esoteric for me and I think for a lot of people and therefore reverts to an almost religion-type debate.But the thing is, I can readily make judgments based on SPECIFIC examples of whether I want privacy. It depends on what i’m saying, who i’m interacting with, time of day, what i’m trying to achieve and a broader context or gestalt.I think the questions need to be taken out of the realm of the esoteric and we users should be empowered — if we’re skilled/illuminated/passionate enough to care — to opt out (or in) on a SPECIFIC basis.And how respectful would it be it a site push a notice to you saying, “you opted out on a similar circumstance, would you like to opt out here?” I bet a lot of people would say, “No, it’s ok — we’re cool”. But boy would it build trust.
I’m firmly in the pro-personalization camp, but I have to say that I still want the ability to do completely anonymous browsing.If a friend of mine is diagnosed with cancer and I do a search for that, I don’t want to be tagged with that on my profile.Imagine a world where job ads don’t appear for that reason.
I keep thinking abortion as close to HIPPA -your physical body and medical records. My taste in lipstick should not be covered.
i adopted the minority/majority language to make a pointi agree that it is dangerous territory
Tracking is like many things… if done in moderation and for the right reasons it’s acceptable and improves the user experience. BUT… like many things it only takes one or two bad guys to spoil it for everyone and there are sites who gather information about you, not necessarily with the goal of “improving your experience” but to either spam you with crappy fake goods or sell it off to who knows.Definitely agree with you point about opting in… it should be a user’s choice as to what info is tracked and they should understand how that information will be used and protected so they can make an informed choice.Sort of side note, I did have a chuckle with a friend the other day when we were talking about the outrage people have when the governments and organizations track certain things are many of the same folks who post their personal lives all over facebook and twitter and the like.
Ugh, I hate to write posts sounding like a raving Libertarian, but this is all part of a much bigger problem. Government needs to stay the hell away from the internet and let the market sort these things out. There has never been a platform in history that allows for such rapid market corrections. Government is way too blunt of an instrument for such a quick moving organism and is guaranteed to dramatically stifle innovation. If people start finding negative consequences from being tracked, you better believe someone will be immediately fixing the problem and profiting off of it.Is ANYONE really suffering problems from Internet tracking or are people just paranoid?
I’m going to leave off the government-related stuff for now, and just look at your last question.You’re getting awfully close to the “what do you have to hide?” style arguments for why the government should have access to all your data, simply substituting private companies for government. And remember that government purchase of marketing data is one of several end-runs around the 4th amendment that is actively used.But for purely private scenarios, try this: Imagine you were going through an adversarial divorce, or were being sued by someone. Imagine that a PI is following you everywhere, recording your whereabouts, activities, and reading habits. At the very least, would you like to know this was happening?”Anonymized” data doesn’t really exist. This has been demonstrated repeatedly. I don’t have any proof for this assertion, but my gut feeling tells me that if data is sufficiently granular to be useful, it can’t be anonymous.In any case, I agree at least to the extent that I think technical measures should be looked at first. I would like to see a “voluntary” HTTP do-not-track header added, and see what people do with it. I would also like to see e.g., Firefox adding more control over the nuts and bolts of content negotiation (the main vector that’s abused for fingerprinting – things like installed font listing, etc.), and better ways to create profiles to omit, lie about or randomize some of that information. (Yes, I’m a web developer, and yes, that would make my life harder. So? Users have no obligation to be truthful, outside of obvious fraud-related areas.)To come at your question from a different direction: people doing the tracking obviously value the data they’re collecting. The people generating this data, at the moment, are under-informed as to the value being generated, or even that it is being generated. This is an information asymmetry that is distorting the market for this data.
I think the bigger question here is what are you actually paying for? If your going to a web site for free (no money exchange) it seems reasonable to me that you are paying in some other fashion (tracking/usage data is just one of those)…just because you pay the phone company for an internet connection doesn’t mean you own anything online…In some ways, it’s not unlike going to the local store…anyone that wants to ‘follow’ you around the store, noting what you do, where you go, and even what you buy is actually free to do so (and the store itself does this with cameras anyway — even if they don’t actually act on the data, they have the data)…did you opt into it? Well technically yes, because you chose to go to the store (and be in public).The only real difference online is that it’s ‘easier’ to collect and act on this data…
If you’re not paying for anything- you’re not the customer, you’re the product.
The only real difference online is that it’s ‘easier’ to collect and act on this data..Well, sure. And the only real difference between a UAV and a solider is that a UAV can screw up without someone dying.The real difference is, well, the very difference we’re talking about. But to run with your theme, I expect that there will be a way to monetize store security cameras for marketing purposes within a decade, if not sooner. Hotels are paving the way here.What I’m getting at is that J. Random Consumer is, at this point, a rube. She doesn’t understand the value she’s blindly giving up. We’ve already seen one market equillibria shift here – grocery store loyalty cards. Basically, coupons are dead except for old people, and have been replaced with loyalty cards. The difference is coupons were arguably cheaper for consumers, because the time cost of browsing them was also a form of entertainment for many, and the privacy cost of sharing your refrigerator contents and schedule to marketers is largely hidden.I don’t mind being somewhat public here. But elsewhere, it will cost you to know about me. As Jared below says, you’re the product.
I am not a Libertarian but I definitely agree. Government is not the answer, let the market work itself out. (Government has a place… like locking up those who hijack my camera when I’m sitting naked in front of the computer drinking Kool-Aid with a bra on my head… I swear that wasn’t me Mr Principle.)
Just because you’re paranoid, doesn’t mean they’re not after you.
Yes – you have no idea how disturbing it is for your browser to start showing me lots and lots of sports ads and mens watches suddenly.Because I keep getting mail from startups, there have been periods where my internet thought I was male. It was extremely disturbing. I’m female! I like being a girl.
My concern is anything and everything that has to do with health issues. They are personal, people need information and support.HIPAA privacy laws exist because health information can and is used against people, so doctors offices, hospitals, insurance companies have to comply.I have no idea how internet privacy relates to health and I’d like to know understand that better.How do we ensure that searches and clicks around “Stage 4 Metastatic Cancer” or “Bi-Polar Disorder” don’t get attached to your IP address or name and get sold.What if someone wanted to build a business in knowing who’s been searching and clicking around for such conditions and were selling that information to potential employers, as equivalent to, say, a credit report. Which then restricts your ability to get a job, win customers, because you “might” have an association like that….implying shorter life span, complicated extracurricular life, etc.Does anything protect us already from that happening? Is it something we want to make sure doesn’t happen, or are we OK with the market taking care of it?If someone could shed light on that, I’d like to know. Thanks.
I consider myself on the “more knowledgeable” end of the internet-user spectrum….and I honestly have no idea what is being tracked, what it’s used for, who is doing it, or how my user experience would differ without it. There has simply been no negotiation on the matter.This is something taking place between two private parties, is it not?If this is something I’d want, isn’t it your responsibility to sell it to me?If I walk into a store in real life, I don’t expect that they will tag me with an invisible ink that lets the next store or bar or whatever know my tastes and create a “better” experience for me. MAYBE if they asked and presented a compelling case, and educated me on how to remove the tag…. I’d consider it….but this “we’re tagging you and tracking you for your own good”…..just doesn’t sit well with me.All of that said, this is between private parties. The market will most likely sort this out…because someone will likely get mad or someone else will create a product that both educates and solves, etc.But the old adage rings true: Pay cash, never write when you can call, never call when you can speak in person.
Andy nails it: the problem isn’t that I’m being tracked, it’s that I have no idea how and when I’m being tracked.I’d just like to know how I can turn the tracking off when I want to.
It’s easy to turn the tracking off…just don’t do stuff online…or on your phone…or at all actually…then of course we’ll just track the fact that you don’t do anything (and that’s good data in itself)… 😉
It’s only going to get harder- most student ids now have rfid chips. You can’t move around campuses without activating the chip. Even NYState is moving in that direction with its licenses. Many mass transit passes also use those chips. Basically I can’t move anymore without being tracked.
That’s actually not that hard from a cookies perspective. I keep a second browser installed just for this purpose.Fascinating to see how the web looks different when I surf the same sites in both browsers simultaneously.
But this might work less than you might think. I seem to recall reading about a Google employee who was dismissed for accessing Google’s records on what email addresses were linked. From what I recall, Google knew the emails were linked because the accounts were signed in from the same IP, albeit with different browsers.
I sincerely hope Google doesn’t think I’m dating all of the hippies also using Gmail at that indie coffee shop I just left.
In all seriousness, that is an idiotic tracking mechanism. The only thing you know is that two accounts used the same internet connection.Throw in dynamic IPs and you now know…ALMOST nothing.
not really. you think it’s hard to write an algorithm to identify whether two accounts have the same owner? here’s two situations: 1) two accounts are always signed in from the same IP at the same times and 2) an account is always logged into immediately before or after a 2nd account.edit: maybe i’m misunderstanding you.
I agree that those two circumstances create a much higher probability, especially #2.But that was true on the web before cookies were invented.It has also been true since the 1950s that if John Smith gets Lowrider Magazine and Jack Smith gets Motorcycle Monthly, and both go to the same address, they are probably the same person too.Solution for those who care (and most don’t): get IP cloaking software. It’s like a PO box for those ashamed of their Lowrider Magazine. :)(edit: get IP cloaking software and refresh your IP every time you log into a different account.)
Well, I think we simply disagree. I think there’s a great number of users (the middle) who are willing to be tracked in a great number of context, but would like to have some idea of when and how they are being tracked. Even Fred, who is pretty much on an extreme in favor of tracking, would probably be annoyed if his entire Facebook message/picture/whose pages he visits history was made public without his knowledge.Saying things like “get IP cloaking software” isn’t terribly persuasive. That’s attacking a strawman.
I think we’re using different lingo because I think we generally agree.If you look at my main comment on this post – I think the broad middle wants the web personalized but wants to (a) know upfront what is going to happen and (b) have the controls to turn it off.Re: IP cloaking, I’m really just saying that’s the only way to hide your identity from a server. I think it’s misleading to mix IP address records with tracking cookies.The web can’t function without sending traffic back and forth between two IPs. Are you saying that shouldn’t be logged? That’s never even been remotely controversial.
You’re right, we do agree. I screwed up. Sorry Aaron.
No reason to apologize…this is what good discussion is for!
i do the same thing
Another fascinating test is to turn off third party cookies in that browser and watch how much of the web breaks.As mentioned before, Disqus…but also the Facebook like button everywhere but on Facebook.
I’ll follow you down that rabbit hole… see my NYT comment below:TRACKING IS GOOD! Listen, do you enjoy a website already aware of your location? Do you mind Google placing ads you “may” be interested in on the side of your Gmail box? IF you despise both of these then let me ask you this, do you like having a job? Do you like all the free content you can consume on the internet?Listen, #1 selling data creates jobs on both sides of the transaction. #2 many of these sites (Twitter) have little to no traditional revenue streams, without the ability to sell user behavior data there would be no Twitter. The same goes for free content, they need ads, Google serves you the most relevant ads possible in hopes you will click on it. For sites like Amazon see #1.Finally here is a little piece of advise for the cry babies above. TURN OFF YOUR COOKIES. Now go back to work.
I was thinking this was about site visits etc… But to some degree I think Gabriel Weinberg has it right about privacy settings. People should have as much as they can really in my view. If it was up to me there would be free anonymous gateways for everyone to use.
I’m not sure the silent majority will speak up until the free web is really threatened.I’m theoretically okay with “Do Not Track” if Google is allowed to put up a page that says: “Sorry, we can’t make money if you won’t allow us to personalize your experience and deliver advertising relevant to you. Please type your credit card number below for $1 per search query.”
Fact of the matter is that this sort of thing has been going on since the 1980s when database marketing became common practice. The only difference is that now it’s online instead of offline. People didn’t like it then, and they don’t like it now.Given the huge $ opportunity database marketing (and internet personalization) represents, I’d view it as unlikely that it gets legislated into oblivion.
Hah, is this why AVC is used as Ghostery demo page? 🙂
Is this why AVC is front example for Ghsotery? 🙂
yes, i believe in tracking and i also believe in transparency
Some really basic thoughts.Even without tracking, a website such as this one already should have a good method/idea for what to advertise -technology or business products. It may be a better idea from a point of quality to not track a person, but to track what is on the website.I have a doctor that uses the free version of Google Docs -and while it definitely makes him much more efficient as a doctor – I find it disturbing that parts of my medical history may be read by the google -especially because the best way to make an appointment with him is through his (very everyday) GMAIL.While I don’t think my taste in lipstick or tv should be private (and in fact, over the course of history, it really hasn’t – there are Nielsen overlays for a reason) – I do think my movements (RFID for example with my old chicago bus pass) and important private activity (read HIPAA) should be protected -including on the Web (the web can be a therapeutic community if it wants to be). I also do think that it is totally possible if one is careful to run advertising on closed pages if you already have a predefined topic on that page (less of a need to tract). We may in fact be over-tracking, so there is no need to look that deeply inside.
I think it’s amusing when Google serves me “targeted” ads for the site on which I work in addition to many of our competitors through AdSense when I’m visiting completely unrelated blogs. This just seems creepy even though it’s so poorly implemented because they can’t tell that I’m not in the market for auto parts by any stretch of the imagination (I don’t even have a car), I just work for an e-commerce site which sells auto accessories, hence my many visits a day to pages on our site and those of our competitors.
My off the cuff response? People don’t want privacy – they want “perceived” privacy. IMO most would choose better service over absolute privacy. Why am I confident in this? FACEBOOK.In the end, it’s probably more about trust than it is about privacy. Fundamentally, people want to trust, and the level of truth amongst two people increases with a rise in trust. If trust is low, then we fear the misuse of the truth. The larger our fear in the misuse of the truth, the stronger our privacy conviction.
I think there is a significant portion of facebook that doesn’t understand what they sign up for.
Granted, but I’m not sure the care is there either. People exposethemselves regularly by over-friending.
or maybe they don’t care.I have 6000 twitter followers and 3000 facebook friends.I once tweeted: “Here’s a privacy tip for you: if you don’t want it to be public, don’t post it on the Internet. That was free.”
I don’t find that particularly persuasive. You are conflating “I don’t care if this one specific person can know a ton about me” with “I friended one person I don’t know that well…please disclose all information Facebook knows about me, including the satiristic joke I said to a friend which others might find offensive out of context.”
Facebook is just easy pickings. There are many more cases that couldillustrate the notion of perceived privacy. Fred’s argument aroundtagging and other tracking measures is spot on. The web could not havegrown or matured in the way it has without it. Ironically, it’s apart of user-centered design. It’s a necessary evil?! That may beslightly glib, but the notion of absolute privacy is idealistic atbest. Phonebooks, itemized cellular bills, credit cards, gymmemberships, and voter registration are everyday examples whereconvenience trumps privacy.
In Chrome I have complete control when it comes to cookie permissions and I can adjust this setting, so I can decide.There are normally cookies coming from the web page you are in, but there are also third party cookies coming from other domains (ads, images,…). I would be ok for the firsts cookies but not for the latte. Regarding “normal” cookies, I would not agree the webmaster sharing them without previous permission.
You’re in effect opting out of a lot of personalization. Which should be your choice.That being said, it makes the web not work in a lot of cases.Disqus won’t work on a new blog you visit, for example. (Disqus is a third party domain and needs a cookie to operate.)That’s the tradeoff for “free.” I’m fine with personalization as long as I can “log out” of my account and browse the web anonymously when I need to.
the Disqus example is a great one, thanks Aaron
A quick tip for all of you worried about cookies. Use two different browsers:1) Main browser (say Chrome): for all sensitive web browsing (email, FB, Twitter, …) in high confidence webs2) Risky browser: (say xxx): for risky browsing (you name it)
I do this.I generally use Firefox as my backup browser.
i do this toomost sophisticated web users do this
This brings up the more general point that when an issue divides people on those who care and those who don’t care (as opposed to those who care one way, vs. those who care another way) those on the “care” side will win the battle more often then they should even if they are a minority because they produce the majority of rhetoric.
Ignore the extremes on both sides. The “broad middle” wants personalization, relevancy and all the benefits of the web working the way it works today.Adopt the agenda of the privacy extremists and you get Disqus not working because its a third party domain cookie on AVC.com. That’s completely unworkable.That same “broad middle” also wants to know what personalization is happening, and control it. That’s why Amazon says two things “we’re showing you this because you like this” and “if this isn’t you, please click here.”Sites need to be upfront about what they track and the market needs to create a standard for this. Sort of like the CNBC disclosure screen that flashes up when an analyst goes on air.This whole issue is crying out for more innovation in the browser. There should be a set of “surf as” buttons so I can flip an individual browser tab between multiple people (me, my wife, my son) and anonymous.That would actually help personalization (so I can stop getting ads for Jane Austen books on a shared iPad) and give users more control.
i totally agree Aaron
I like that I can see relevant ads for what I’m interested in. Group yoga retreats? Yes please! I want to hear about them! Dating sites because I have my status set as single? No thanks.Facebook reaching out and using data from sites I visited because those sites have some Facebook integration, and using that as apart of my interests? I don’t like that so much. Perhaps I’m mistaken that they do this. Is this different from a specific website that I visited retargeting me with ads? I think so.I know many people who don’t use Facebook or other social sites because of the privacy issues. They’re private people, they have no need or reason to be ‘plugged in’ – they have the phone numbers and emails, and keep the people who they want to be close to, close to them.The problem is things, especially on Facebook, by default are more open than they are more closed off which people don’t understand. The default should be that they are more closed off to begin until a person understands otherwise. With Twitter, it’s pretty obvious. But when features are being added like the way Facebook adds them, they start to affect people’s lives. It’s following the idea of building trust. You don’t just start telling strangers your health-issues, generally, because you don’t know how they’ll react and/or use that information. There are a few things Facebook needs to do to remain king, but I don’t really like them enough to tell them, I’d rather someone else does it.The reason why platforms like Facebook want to keep things open is obvious, it’s better for their ecosystem and growth. On Facebook you’re still not given the chance to ‘approve’ a tag in a photo before everyone is told that you’ve been tagged in it. Many people deactivate their Facebook account every time they “log-off” so they can quickly manage anything that might come up, but that shouldn’t be the way it works.One great thing is consumers can chose to just turn off ads with ad-blocking software (mind you that’s not very well advertised). I think it’s true that if most people are given all these options they’d chose to see more relevant ads than not see any at all, and they can decide when if they’re in that current state of need of either needing seclusion or socializing and greater excitement to find them.The worry I think everyone should have is criminal activity. Whether it be stalking related or financial crimes. When does someone have enough information on you to imitate you, or be malicious towards you in some way? Even then, how many accounts might be unknowingly hacked and information viewed through one of your friends accounts or fake profiles and people fishing, maybe even specifically for someone with your name because they have the other piece to a puzzle to get into your bank accounts?If you’re someone who has some extra money / resources, and a balanced mind and life then you can fairly easily handle most issues that might occur – but it would probably disrupt a lot of people’s lives and probably in some cases quite terribly.And this is a concern for society – people’s overall well-being and safety, including credit card fraud and other financial frauds which in the end we all pay for.
When something is personalized using prior data, I’d like to be able to see what prior data is being used to put together this personalization. This is generally not allowed, which I assume is because of Amazon/Google/FB/etc. personalization algorithms’ being protective of reverse engineering concerns?If they won’t ever tell you what they’re using and why, then it does seem worrisome from the consumer’s point of view- I like how Amazon emails recommending a new book mention why they were sent based on my history of orders and recently viewed books. Yes, Amazon, I am interested in a new David Foster Wallace book, as your recommendation algorithm thought I might be, and it’s interesting to know that they derived this due to my prior purchase of “Steps” by Jerzy Kosinski.AdSense never lets you know why they’re targeting certain ads toward you, but not only are the ads very poorly targeted in my case, they’re very obvious in their slightly creepy method of following my web activity and using recent visits to determine which ads to run even if completely out of context. Facebook display ads in my case are very crude and far from effective for my purposes as well- they are just taking words from my profile and showing ads which vaguely relate to these categories. “math jobs, tennis partners, actuarial t-shirts, golf equipment, chicago deal-a-day sites, ruby on rails jobs” are a sample of the ads which dominate my FB targeted ads- some of these are amusing such as rails jobs given that i don’t know rails at all, and no longer work in the actuarial field. But hey, they gotta get those impressions somewhere i guess, and I’m probably closer than most to their targets.
I think the key is an easy way to opt out – or opt in. Also, this is not limited to the web – I saw a news story on Fox 5 San Diego about how you can drive around with a baby monitor and spy on peoples homes & babies.That is MUCH more scarier to me.
As a “privacy advocate”, I want to just say that I do not want tracking “shut down”. I am more inclined toward more effective education and informed consent. It should be easy to decide what you, the consumer/user wants to share, trade, etc.And remember, this applies to more than just our web activities. I recently blogged about “Digital Exhaust”, and you might find it eye opening.http://blog.secret123.com/2…
Thanks for the provocative post Fred, clearly lots of high quality and diverse opinions here have been shared as a result. While I’d probably put myself clearly on the privacy advocacy side of the fence, extremes of any sort always worry me, including yours that suggests unfettered tracking. I believe your post overly simplifies the issue, but rather than try and tackle it directly (you’ve got enough opinions here and can always follow my @privacyfocused tweets where I link to useful resources on this subject), I’ll introduce a different perspective.Some have touched on the legal consequences around tracking technologies and that should not be taken lightly. When a third party is involved the transmission and storing of information about you, the legal privacy protections that we can avail ourselves to today, are significantly weakened. This is one of the issues that is raised by Gmail’s targeting of ads in email for example. The fact that Google uses technology to read through the contents of one’s email to display ads begins to chip away at the privacy protections of both sender and receiver. When email was primarily handled by local email apps and not stored on servers, the threshold for law enforcement access required a warrant. With hosted email models, a subpoena to the service provider is often enough to justify access.While we all love the potential conveniences, we should not overlook that there’s a constitutional price to pay that most people are not aware of.
Those ‘Minority Report’ ads that call out at you personally while you go about your business are here today.Google and Facebook know more about users than their families – what they search for, what sites they go to throughout the Web (via partners in advertising networks, ‘like’ buttons), whom they interact with via mail and the social graph, everywhere they go via location-aware mobile devices.That’s an incredible amount power that could be used the wrong way. It is really potentially a dystopia as more info goes electronic, payments, medical histories; you integrate facial and license plate recognition.What I want :- transparency – know what info on me has been tracked- control – ability to scrub it- ability to opt out- strict controls on how long that information can be stored, how it can be sold/transferred, what it can and cannot be used for, and requirements to keep it safe and private.
I feel the debate is similar to the social network privacy, years ago we were all talking about putting our credit cards online and now we put our entire life on the web!Beyond that, my questions/comments are: i) Can I enjoy a more private Internet? I am not talking about Tor (http://www.torproject.org/) but a more granular configuration. ii) I really feel bad about things like “I Like”, mainly on services like Facebook where they track your profile with the site, even if you “Don’t Like!”. iii) What are the limits? in the tracking line of thinking do you support DPI (Deep Packet Inspection) from ISPs? Google now has an HTTPS alternative, but ISPs ask why Google can track you while others don’t have that privilege? iv) What’s the economic value of my online information? Do I receive enough benefits from that?
None of it matters until it is abused, the ideals of tracking are fine given anonymity, and being used for improving quality and services by anonymous ID. But in reality that doesn’t happen – in reality employees stalk customers, get caught and fired, government subpoenas the records or simply pressures the company into releasing the details.Human nature has greed, and is corruptible. This is why we have systems to raise us above chaos. Its like communism – good in theory, but in practise sucks!Privacy rules are here to stop the abuses – which all eventually happen, we are human! I heard a quote about national disasters – “Natural disasters occur as soon as the last person has forgotten about the prior disaster”;
Fred, what’s your evidence that most people still want to be tracked when they actually know how much information is being recorded, how broadly it’s shared, and how many security breaches there are?My experience is that tech entrepreneurs see a lot of value in tracking. If that’s mostly who you’re talking to and whose blogs you’re reading, then you could easily be getting a biased view.
i’ve been interested in this topic since 2001 ishi’ve asked literally hundreds of people and have focused on non tech peoplei’ve explained them the value that comes from trackingand they generally are ok with it as long as their data is protected and is anonymous
Fred, the best possible tracking is what the cable companies can do, and they can do the best display ad serving as well.Very quickly, we’re seeing Level 3 (and Netflix) try to use NN, to screw Comcast, and they are not worth even close the value of Comcast being able to drive real spikes into the feet of Google on display.
Anonymous tracking meets capitalism’s needs without compromising privacy.
Thanks for this great post.
Thanks rannie for ur observation. I also noticed it..they are too clean and tidy.,,hahaha. BTW, amazing works, right?
Its a good problem to have. Imagine a situation where you are in your business and no one gives a crap about writing to you – you will be begging for email then…
Tracking is miniscule compared to the real problems of online privacy.The fact that your information is sold to anyone with a dollar is the real problem. Or that companies safeguard your information with whatever means cost them the least, and then when, surprise, surprise, the information gets stolen all the companies do is give you 3 months of credit card theft monitoring. Ridiculous.I almost always seed my information with some sort of unique identifier when I register to a new website. It’s interesting where that information ends up sometimes.
I disagree. Opt in is work. Most people won’t do and then the magic of theweb knowing and understanding you will never be realized. It needs to bedefault on
If most people won’t opt-in, then there is no perceived value in tracking from the perspective of the end-users. It’s up to the web companies to sell this value to users, just like any other aspect of their webservice. Companies shouldn’t be able to just sneak it in there for their own benefit. I agree with Charlie on this.
The problem is that it’s a gray area on who’s showing up to whose door…I mean you are visiting various sites and leaving an information trail laying around out there…for the most part you can’t know if it’s a horrible site that you don’t want recommendations from until you’ve visited it…but because you’ve visited it, they can assume you’ve opt’ed in…seems like a classic catch 22 to me.
Charlie, my dad used to buy and clean out lists from Nassau county in order to do the same thing. Would you prefer your local government sell the lists for say if you have a pool?
As a general rule, I buy in to tracking for all the reasons already stated — so long as these are restricted to anonymous personal preferences. It gets a bit freaky though when I mention in an email that I someday want to rent an Italian farmhouse over a summer and a day or so later, someone who leases villas in Tuscany begins to follow me on Twitter.
do you want to be opted out of disqus’ third party cross site cookie by default?
I don’t think it’s about perceived value…I think it’s about ‘immediate’ value…would you opt into amazon tracking what you view and buy with the promise that “over time, we’ll be able to point out smarter purchases for you?”…until you see what they mean by that (ie. actually get smarter purchase recommendations), you likely wouldn’t do the work of opt’ing in and then everyone loses (well not the makers of the lesser quality stuff, but everyone that *should* win loses out)…
The value is that you……don’t have to pay Google $1 per search query…don’t have to pay Facebook 50 cents per status update or a penny per photo uploaded…don’t have to pay Twitter taxes of 25 cents per follower per yearThe web is free because of advertising. Web advertising barely works today and personalization makes it work profitably.We just have to put people in control of the personalization with simple, easy-to-use browser-based controls.
As much as this is true – I do find it amazing and somewhat great that with good advertising I have found many things that I like. I also find it equally disturbing that I get followed around with ads. And I don’t seem to have a choice to have one without the other.
I believe the market made its demand for more privacy and companies responded. See “In-Private” browsing. No need to legislate what the market will work out itself.
ok- god forbid you got cancer and you want to use a website to talk to other patients with similar cancer stories -should this be tracked? If you announce on Twitter/Facebook that you were just diagnosed and you are looking for an oncologist because you don’t know where to start -should this be tracked?There are some fine lines.
I agree with the argument, it just needs to be made to the customer. People need to know the real price of ‘free’.If someone gives me something for ‘free’, it’s not OK for them to later sneak into my house and steal some silverware as compensation.Sent via BlackBerry from T-Mobile
Since people realized there’s money in ‘dem ‘der hills!
Must be something in that fresh Susquehanna water…
I completely agree. There are a huge number of ethical issues here that disturb me.That being said – we’re talking about the very foundations of the web here.This data has been collected since the dawn of Internet time. It’s just that they are now starting to use it.I’m certain that “not tracking the data” is not going to work. Servers are still going to have logs of IP addresses and databases of user profiles.I’m not claiming to have all the answers but these are tough questions.
Absolutely. Users have an absolute right to know AND control the personalization, both before and after.I’m hoping the market will create a standard for how we do that effectively and consistently.
But Charlie, companies have been doing that since the dawn of time. In 1982, if you subscribed to a magazine, you’d get direct marketing targeting those interests.I know one woman who was interested in tracking it, so she added a different middle initial to the first 26 things she signed up for. It was fascinating to discover the “tracking” networks of the 1980s.
Hack that shit and follow the people who try to be perfect citizens…. Luckily with that time and energy you can do more good in the world.P.S. That stuff is scary if you think of how it can be abused.
EDIT: I need to re-write it better
Yes. I might have chalked it up to a bizarre coincidence but I recently had a similar experience — this time the email was sent from my gmail account. For all I know it’s happened other times, but these two instances involved very distinct subject matter.