Dragging the online trackers - kicking and screaming - into the light of day
A recent privacy survey by the Pew Research Center found that half of the respondents didn’t want online advertisers to save any of the personal information the ad firms collect about them. Eighteen percent of the respondents believe it’s okay for advertisers to save their personal information for a few weeks, and 7 percent think the companies can save the information for a few years.
Sadly, that’s not how the internet works. In a June 27, 2015, article on Digital Trends, Simon Hill explains that nearly every web page contains invisible content intended solely to collect information about you and track what you do on the page as well as on every other site you visit. All the information is compiled into a database that identifies you, whether by your real name or another unique ID. The database persists no matter what you do to try to hide your online tracks – it just grows and grows and grows.
The obvious purpose of the personal dossiers is to serve you ads that relate to your interests and traits. That’s just the tip of the iceberg when it comes to use of this incredible compendium of everything you’ve ever done online. For example, as I wrote in the May 12, 2015, Weekly, differential pricing means that, based on your profile, the products and prices you’re shown on a site differ from the products and prices other people are shown.
Blocking cookies may be fruitless… but do it anyway
Even if you block tracking cookies, you are identified as you travel the internet. Some trackers ID you based on the unique graphics characteristics of your device, which is called canvas fingerprinting. As NBC News’ Ben Popken writes in an August 4, 2016, post, you can also be identified by the unique list of fonts on your machine, by your device’s audio features, or by your battery level.
This doesn’t necessarily mean you should stop blocking cookies, though. Why provide the trackers with even more free personal information than they take already?
A recent study (pdf) by Princeton University researchers identified 81,000 third parties that track web users, although most tracking is done by Google, Facebook, and Twitter, according to the researchers. Arvind Narayan, associate professor of computer science at Princeton and a co-author of the study, states that “[t]here is a total lack of transparency” about these cookie-less tracking methods.
Facebook is in denial about user aversion to tracking
Forbes’ Kathleen Chaykowski reports in an August 9, 2016, article, that Facebook now serves up ads even if you use an ad blocker. Chaykowski quotes Facebook VP of advertising Andrew Bosworth as stating that the company designs its “ad formats, ad performance, and controls to address the underlying reasons people have turned to ad blocking software.” Nowhere does Bosworth mention tracking. Yet many people choose to block ads specifically to prevent advertisers from tracking them on the web. As Chaykowski puts it, these folks are “out of luck.”
Wired UK recently published a nearly illegible infographic showing the permissions users allow for six popular phone apps: Facebook, Twitter, Gmail, Viber, Skype, and Instagram. Here’s what the Facebook app can do on your phone without your knowledge:
What does Facebook do with this information? It monetizes it, of course. Not bad for a “free” service. Is all this tracking harmless? Not according to the Electronic Frontier Foundation, whose Sarah Myers West writes in an August 7, 2015, article that the news feeds of Facebook and other social networks are determined by your profile. As more and more people use social media as their primary news source, they probably don’t realize the news they see is based on their profile, thus it tends to reinforce whatever biases the service has already identified.
It gets worse: There is now an insidious form of redlining going on, as Fortune’s Katherine Noyes reports in a January 15, 2015, article. For example, the services’ proprietary algorithms may decide that Google searches for names that “sound” African American are more likely to deliver results suggesting the person has an arrest record whether they do or they don’t. Marketers use ethnicity, as determined by online profiles, to exclude certain people from receiving offers. Questions have been raised about banks and other financial institutions using data from web profiles to determine creditworthiness and mortgage interest rates.
All of this happens with no transparency. Nobody knows how the services’ proprietary algorithms work, yet proprietary predictive algorithms are being used by judges to determine sentences and parole/probation decisions in criminal cases, as the Wall Street Journal’s Joe Palazzolo writes in a July 13, 2016, article. The Electronic Privacy Information Center provides an in-depth look at the use of proprietary predictive algorithms in criminal justice system.
Keep your body-tracking info to yourself
What can you tell from a person’s heartbeat? Soon you may be able to use your unique heart rhythm instead of a PIN or password to access your bank account, as Fortune’s Jeff John Roberts writes in a March 22, 2016, article. On the other hand, your heartrate variability can indicate sexual dysfunction, which Slate’s Elizabeth Weingarten explains in an August 8, 2016, article.
If you use a fitness-tracking device, you may be sharing your signature heartbeat and other physical information with unknown or unknowable third parties. The data could be used in the future in ways we can’t comprehend now. The data isn’t protected by the Health Insurance Portability and Accountability Act (HIPAA), so once you’ve shared it with one business, you’ve potentially shared it with any and every business.
Consider that MIT researchers were able to read people’s heart and breathing rates remotely with 99 percent accuracy by bouncing WiFi signals off them. A retailer could use this technology to record your reaction to a product: If your heartrate and other measures indicate interest, the price goes up; if the measures indicate no interest, the price goes down. On the flip side, Fortune’s Roberts describes how a bank used biometric sensor readings of its customers’ body temperatures and blood circulation to determine several with high stress indicators. This allowed the bank to thwart a fraud attempt.
Resistance to Comcast’s pay-for-privacy plan
Paying extra not to be tracked or served up ads isn’t any different than paying for premium, commercial-free cable channels. Is it?
When Comcast filed a request with the FCC to create two tiers of service – one with ads and tracking, one without – the company claimed it was using the same revenue model as many other U.S. businesses. David Lazarus writes about the proposal in an August 9, 2016, article in the Los Angeles Times.
AT&T’s GigaPower broadband service offers the same choice: $70 a month with tracking, $100 a month without the tracking. Lazarus posits that the plans anticipate the FCC’s new rules requiring that their ISP customers explicitly opt in to tracking, which is expected to reduce ISPs’ online ad revenue. The rules also call for ISPs to disclose to their customers “in plain English” what personal information they are collecting and how they are using the data. I wrote about the FCC’s new rules for ISPs in the April 6, 2016, Weekly.
Some privacy advocates are concerned that the pay-for-privacy approach creates a second class of internet users who have to choose between waiving their privacy right, or staying off the internet. In addition, there is no way to confirm that the companies are honoring their promise not to collect or use the personal information of people who pay extra to avoid being tracked.
The key for the success of any such two-tiered model for internet access is the establishment of a baseline of privacy guaranteed to everyone. Then consumers would be able to make knowing, informed choices about what information they’re sharing, who they’re sharing it with, and how the information is being used.