Menu
The fight against privacy smashers continues
June blew up on me. My site crashed, a friend passed, more hopes dashed. And then Orlando.
Rough weeks – What can you say? They happen, you move on, hoping the next one’s better. So, on I move….
Online ads are dangerous
Don’t believe me? Check out Joseph Cox’s June 3, 2016, article on Motherboard that describes how one researcher created a malware-delivering ad for Facebook in just five minutes. The researcher, Justin Seitz, had previously received a Facebook ad that led him not to the destination he expected, but rather to a fake ESPN site filled with “dodgy” ads for health supplements. Seitz explains that the fake Facebook ad could just as easily have led him to a site filled with malware able to compromise his machine simply by opening the page – no clicks or other overt actions required.
Yet there continue to be Chicken Little doofuses who claim ad blockers are the end of the Internet as we know it. One such is John Delaney of Morrison and Foerster LLP. Delaney writes in a June 6, 2016, article on JD Supra Business Advisor that “[t]he [online-ad] system worked well for two decades. And then along came ad blockers.” Delaney claims ad blockers cost online vendors $22 billion in lost revenue in 2015, citing figures from anti-ad-blocking vendor PageFair.
The fight against ad blockers is losing in courts on either side of the Atlantic. Every suit against them has ended with courts determining that ad blocking is legal. Delaney concludes that the best approach for advertisers is to craft better ads – ones that don’t intrude on the viewing experience and that don’t eat up memory and bandwidth, which is particularly important for mobile ads.
What Delaney completely misses is that many people are motivated to block ads not merely because they are annoying or resource hogs, but because they track us. Not once in his defense of the online advertising industry does Delaney make any reference to ad tracking. Yet loss of privacy is the number one reason people avoid signing up for Facebook and using other online services, according to results of a recent study conducted by Albert Nelmapius; he explains the survey results in a May 26, 2016, article on Business Day Live.
Nelmapius identifies the increased privacy risk as “a statistically significant barrier to those who don’t use Facebook.” In a May 27, 2016, article on The Drum, Fred Joseph, COO of advertising firm S4M, writes that the growing number of consumers using ad blockers is the result of the “creepiness factor” of ad tracking. This is especially true for cross-device tracking, which combines what you do on your PC with what you do on your phone. Joseph calls for FCC oversight of the industry to help put consumers at ease about the Big Brother aspects of online tracking.
FCC promises to take a closer look at online-tracking disclosures
Read any good privacy policies lately? If you have, you are a one of the very few. Back in 2008, Carnegie Mellon CyberLab researchers Aleecia M. McDonald and Lorrie Faith Cranor published a paper entitled The Cost of Reading Privacy Policies (pdf) that found online privacy policies take an average of 10 minutes to read. Some take as long as 42 minutes to peruse in full. If every person in the U.S. who uses the web read every privacy policy for the sites they visit, it would represent a total reading time of about 44.3 billion hours per year.
Ars Technica’s Nate Anderson wrote in an October 8, 2008, article that reading every privacy policy we encounter would cost $365 billion in lost leisure and productivity time each year – that’s about $3,000 per person. Eight years later, The U.S. Federal Trade Commission has decided it would be a good idea to examine the efficacy of privacy policies as well as the ad industry’s self-regulatory privacy code represented as the AdChoices icon.
(By the way, calling the boilerplate disclosures sites post about their use of personal information “privacy policies” is a complete misnomer – they are more accurately called “privacy-destroying policies” because they grant the sites and their advertising partners carte blanche to collect and use your private data however they please.)
If you’re unfamiliar with the AdChoices icon, you’re not alone. As Wendy Davis explains in a May 25, 2016, article on MediaPost, it’s a blue-triangle icon with a small “i” in the middle that’s supposed to indicate at a glance that online behavioral advertising is used on the site. Clicking the icon leads to a page where online behavioral tracking is explained, and you’re given the option to opt out. At least that’s how Davis explains it. I couldn’t find a site using the icon so I could confirm this fact for myself.
Davis cites a study by ad agency Kelly Scott Madison that found fewer than 10 percent of Internet users know what the icon stands for, even though the icon is displayed on sites one trillion times each month. Davis concludes that consumers “don’t have the slightest idea” what privacy policies mean. A 2015 Pew study indicates that 52 percent of people in the U.S. think that when a site publishes its privacy policy, it means that the site keeps the private information it collects about its visitors confidential. As I mentioned above, just the opposite is true.
Facebook’s legal challenges continue to pile up
The most secure job in the world has to be in-house counsel for Facebook. Exhibit A is the class-action suit brought against the company by a group of users who charge Facebook with converting the links they sent via private messages into public “likes” that generated revenue for the company. Consumerist’s Chris Morran reports on the case in a May 20, 2016, article.
Facebook needs lots of “likes” to fill its coffers, so if you sent someone a link in a private message to a site, whether you liked the site or considered it terrible, that link was transformed by Facebook into money-making “like.” In addition, Facebook is charged with sharing information in private messages with third parties. As Morran points out, even if the plaintiffs win the case, they won’t receive any money from Facebook, although the company will be forced to stop its scraping of private-message content for public sharing.
Speaking of Facebook scraping, a new service for landlords in the UK promises to scrape the social-media accounts of would-be tenants to give the lessors background information on the applicants. As the Verge’s James Vincent reports in a June 10, 2016, article, Score Assured’s new Tenant Assured service lets landlords submit requests for scans of the public posts and private messages on social-media accounts of prospective tenants. The sites scanned included Facebook, Twitter, LinkedIn, and Instagram. Vincent notes that some of the information collected is protected by U.S. housing discrimination laws, which could make such scraping services “legally exposed,” according to a source Vincent quotes.
Perhaps the greatest legal challenge facing Facebook is the continuing case in Europe charging the company with violating European privacy laws. Tech Crunch’s Natasha Lomas writes in a June 13, 2016, article that the case has already led to Europe’s Safe Harbor regulations being scrapped as insufficient for protecting the flow of confidential consumer information to third parties in the U.S., which violates European privacy laws. The proposed substitute for Safe Harbor, called Privacy Shield, is roundly criticized by privacy advocates as possessing the same flaws that doomed Safe Harbor.
Now the U.S. government has asked the Irish court hearing the Facebook suit to join as an amicus curiae, which the plaintiff in the case, Max Schrems, claims is an attempt by the U.S. to defend the country’s surveillance laws in a European venue. The U.S. surveillance regulations are the source of the conflict with European privacy rules, according to Schrems.
Time to opt out of Facebook behavioral ads – again
Speaking of Facebook privacy, the company recently implemented a new “service” that may opt you back in to behavioral advertising if you previously opted out. Dave Carroll, Associate Professor of Media Design at Parsons School of Design, writes in a June 1, 2016, article on Medium that he discovered his Facebook settings had him opted in to receive ads based on his online behavior even though he had previously changed the setting so he wouldn’t receive such ads.
Carroll wasn’t the only one to encounter the unwanted change. Facebook insists it didn’t change any settings, but rather it added a new “control” that by default opts you into receiving behavioral ads. As Carroll points out, Facebook requires first that users learn about the new “control” on their own, and then take the time to deactivate it manually, even if they previously opted out of behavioral advertising. (Carroll also pointed out to the company that many of the links in its privacy policy were broken. Shows you how important privacy is to Facebook.)
The change is more than an inconvenience for privacy-protecting Facebook users. It may violate the FTC Consent Decree (pdf) the company agreed to as part of its settlement of previous privacy complaints lodged against it. The Consent Decree requires that Facebook “obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences.”
If you’d like to opt out – again, in some cases – of Facebook’s behavioral advertising, Wired’s Brian Barrett steps you through the process in a June 2, 2016, article. You gotta believe all those Big Brains at Facebook have already figured out umpteen dozen other ways to collect and capitalize on our private information – without us being any the wiser.
Rough weeks – What can you say? They happen, you move on, hoping the next one’s better. So, on I move….
Online ads are dangerous
Don’t believe me? Check out Joseph Cox’s June 3, 2016, article on Motherboard that describes how one researcher created a malware-delivering ad for Facebook in just five minutes. The researcher, Justin Seitz, had previously received a Facebook ad that led him not to the destination he expected, but rather to a fake ESPN site filled with “dodgy” ads for health supplements. Seitz explains that the fake Facebook ad could just as easily have led him to a site filled with malware able to compromise his machine simply by opening the page – no clicks or other overt actions required.
Yet there continue to be Chicken Little doofuses who claim ad blockers are the end of the Internet as we know it. One such is John Delaney of Morrison and Foerster LLP. Delaney writes in a June 6, 2016, article on JD Supra Business Advisor that “[t]he [online-ad] system worked well for two decades. And then along came ad blockers.” Delaney claims ad blockers cost online vendors $22 billion in lost revenue in 2015, citing figures from anti-ad-blocking vendor PageFair.
The fight against ad blockers is losing in courts on either side of the Atlantic. Every suit against them has ended with courts determining that ad blocking is legal. Delaney concludes that the best approach for advertisers is to craft better ads – ones that don’t intrude on the viewing experience and that don’t eat up memory and bandwidth, which is particularly important for mobile ads.
What Delaney completely misses is that many people are motivated to block ads not merely because they are annoying or resource hogs, but because they track us. Not once in his defense of the online advertising industry does Delaney make any reference to ad tracking. Yet loss of privacy is the number one reason people avoid signing up for Facebook and using other online services, according to results of a recent study conducted by Albert Nelmapius; he explains the survey results in a May 26, 2016, article on Business Day Live.
Nelmapius identifies the increased privacy risk as “a statistically significant barrier to those who don’t use Facebook.” In a May 27, 2016, article on The Drum, Fred Joseph, COO of advertising firm S4M, writes that the growing number of consumers using ad blockers is the result of the “creepiness factor” of ad tracking. This is especially true for cross-device tracking, which combines what you do on your PC with what you do on your phone. Joseph calls for FCC oversight of the industry to help put consumers at ease about the Big Brother aspects of online tracking.
FCC promises to take a closer look at online-tracking disclosures
Read any good privacy policies lately? If you have, you are a one of the very few. Back in 2008, Carnegie Mellon CyberLab researchers Aleecia M. McDonald and Lorrie Faith Cranor published a paper entitled The Cost of Reading Privacy Policies (pdf) that found online privacy policies take an average of 10 minutes to read. Some take as long as 42 minutes to peruse in full. If every person in the U.S. who uses the web read every privacy policy for the sites they visit, it would represent a total reading time of about 44.3 billion hours per year.
Ars Technica’s Nate Anderson wrote in an October 8, 2008, article that reading every privacy policy we encounter would cost $365 billion in lost leisure and productivity time each year – that’s about $3,000 per person. Eight years later, The U.S. Federal Trade Commission has decided it would be a good idea to examine the efficacy of privacy policies as well as the ad industry’s self-regulatory privacy code represented as the AdChoices icon.
(By the way, calling the boilerplate disclosures sites post about their use of personal information “privacy policies” is a complete misnomer – they are more accurately called “privacy-destroying policies” because they grant the sites and their advertising partners carte blanche to collect and use your private data however they please.)
If you’re unfamiliar with the AdChoices icon, you’re not alone. As Wendy Davis explains in a May 25, 2016, article on MediaPost, it’s a blue-triangle icon with a small “i” in the middle that’s supposed to indicate at a glance that online behavioral advertising is used on the site. Clicking the icon leads to a page where online behavioral tracking is explained, and you’re given the option to opt out. At least that’s how Davis explains it. I couldn’t find a site using the icon so I could confirm this fact for myself.
Davis cites a study by ad agency Kelly Scott Madison that found fewer than 10 percent of Internet users know what the icon stands for, even though the icon is displayed on sites one trillion times each month. Davis concludes that consumers “don’t have the slightest idea” what privacy policies mean. A 2015 Pew study indicates that 52 percent of people in the U.S. think that when a site publishes its privacy policy, it means that the site keeps the private information it collects about its visitors confidential. As I mentioned above, just the opposite is true.
Facebook’s legal challenges continue to pile up
The most secure job in the world has to be in-house counsel for Facebook. Exhibit A is the class-action suit brought against the company by a group of users who charge Facebook with converting the links they sent via private messages into public “likes” that generated revenue for the company. Consumerist’s Chris Morran reports on the case in a May 20, 2016, article.
Facebook needs lots of “likes” to fill its coffers, so if you sent someone a link in a private message to a site, whether you liked the site or considered it terrible, that link was transformed by Facebook into money-making “like.” In addition, Facebook is charged with sharing information in private messages with third parties. As Morran points out, even if the plaintiffs win the case, they won’t receive any money from Facebook, although the company will be forced to stop its scraping of private-message content for public sharing.
Speaking of Facebook scraping, a new service for landlords in the UK promises to scrape the social-media accounts of would-be tenants to give the lessors background information on the applicants. As the Verge’s James Vincent reports in a June 10, 2016, article, Score Assured’s new Tenant Assured service lets landlords submit requests for scans of the public posts and private messages on social-media accounts of prospective tenants. The sites scanned included Facebook, Twitter, LinkedIn, and Instagram. Vincent notes that some of the information collected is protected by U.S. housing discrimination laws, which could make such scraping services “legally exposed,” according to a source Vincent quotes.
Perhaps the greatest legal challenge facing Facebook is the continuing case in Europe charging the company with violating European privacy laws. Tech Crunch’s Natasha Lomas writes in a June 13, 2016, article that the case has already led to Europe’s Safe Harbor regulations being scrapped as insufficient for protecting the flow of confidential consumer information to third parties in the U.S., which violates European privacy laws. The proposed substitute for Safe Harbor, called Privacy Shield, is roundly criticized by privacy advocates as possessing the same flaws that doomed Safe Harbor.
Now the U.S. government has asked the Irish court hearing the Facebook suit to join as an amicus curiae, which the plaintiff in the case, Max Schrems, claims is an attempt by the U.S. to defend the country’s surveillance laws in a European venue. The U.S. surveillance regulations are the source of the conflict with European privacy rules, according to Schrems.
Time to opt out of Facebook behavioral ads – again
Speaking of Facebook privacy, the company recently implemented a new “service” that may opt you back in to behavioral advertising if you previously opted out. Dave Carroll, Associate Professor of Media Design at Parsons School of Design, writes in a June 1, 2016, article on Medium that he discovered his Facebook settings had him opted in to receive ads based on his online behavior even though he had previously changed the setting so he wouldn’t receive such ads.
Carroll wasn’t the only one to encounter the unwanted change. Facebook insists it didn’t change any settings, but rather it added a new “control” that by default opts you into receiving behavioral ads. As Carroll points out, Facebook requires first that users learn about the new “control” on their own, and then take the time to deactivate it manually, even if they previously opted out of behavioral advertising. (Carroll also pointed out to the company that many of the links in its privacy policy were broken. Shows you how important privacy is to Facebook.)
The change is more than an inconvenience for privacy-protecting Facebook users. It may violate the FTC Consent Decree (pdf) the company agreed to as part of its settlement of previous privacy complaints lodged against it. The Consent Decree requires that Facebook “obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences.”
If you’d like to opt out – again, in some cases – of Facebook’s behavioral advertising, Wired’s Brian Barrett steps you through the process in a June 2, 2016, article. You gotta believe all those Big Brains at Facebook have already figured out umpteen dozen other ways to collect and capitalize on our private information – without us being any the wiser.