PRIVACY? CHECK: The U.S. Federal Trade Commission is urging makers of Web browsers to include a "do-not-track" feature that would let consumers opt out of having their personal information and preferences sent to online advertisers.
Image: COURTESY OF BODHI HILL, VIA ISTOCKPHOTO.COM
-
The Best Science Writing Online 2012
Showcasing more than fifty of the most provocative, original, and significant online essays from 2011, The Best Science Writing Online 2012 will change the way...
Read More »
The Federal Trade Commission's (FTC) call for a "do not track" mechanism to be created to protect Web users' private information from being exploited by online advertising networks sounds good on paper, but implementing such a technology would be a thorny process. It is not because the technology is so difficult to create, but rather because most of the companies that make Web browsers are supported by or are themselves online advertising networks.
Google, Microsoft and Apple, for example, all have online advertising networks, whereas Mozilla and others get money from Google for search deals, Chris Soghoian, a privacy and security researcher in the School of Informatics and Computing at Indiana University Bloomington, said Wednesday at the "Future of Online Consumer Protections" conference hosted by the Consumer Watchdog advocacy organization in Washington, D.C.
Google, which makes the Chrome Web browser but also bought Internet advertising technology company DoubleClick in March 2008 for $3.1 billion, derives 90 percent of its revenue from advertising, Jamie Court, president of Consumer Watchdog, a Santa Monica, Calif.–based nonprofit formerly known as the Foundation for Taxpayer and Consumer Rights, said during his opening remarks Wednesday.
The FTC later that same day issued a preliminary staff report suggesting that one way to better protect privacy online is for Web browsers to feature a setting that enables consumers to choose whether to allow the collection of data regarding their online searching and browsing activities (ad networks such as DoubleClick and Microsoft's Atlas collect this data in order to provide more targeted advertising services). According to the FTC, the most practical approach would probably involve the placement of a persistent setting, similar to a cookie, on the consumer's browser signaling the consumer's choices about being tracked and receiving targeted ads.
Instead of a cookie plug-ins, however, browsers should come with a check box—perhaps part of the preferences menu—that sends a signal to ad networks that says, "leave me alone," said Soghoian, who until recently worked for the FTC as a technical advisor to the agency's Division of Privacy and Identity Protection. "It would not be difficult to get the browser-builders to build such a mechanism in," he said, adding that last year he helped to write a 20-line prototype program to do this called TACO (for Targeted Advertising Cookie Opt-out). "The difficult part would be to get the ad networks to support it, and I think that's where the FTC is going to need to play hardball."
If the FTC does not have the authority, Soghoian suggested, "I think Congress is going to need to give them that authority. I don't think the ad networks are going to voluntarily agree to support any strong mechanism unless their arms are twisted."
The Web site DoNotTrack.Us, a collaboration of researchers at the Stanford Law School Center for Internet and Society and the Security Laboratory at the Stanford Department of Computer Science, explains how a do-not-track mechanism might work: Whenever a Web browser requests content or sends data using HTTP, the protocol that underlies the Web, it can optionally include extra information, called a "header". Do not track simply adds a header indicating the user wishes to not be tracked.
Rights & Permissions
See what we're tweeting about
16 Comments
Add CommentYeah, Joan Gillman, we know how that self-regulating goes. These businesses who track your movement online are stalkers, or crooked lazy cops, or both. They should make it a crime to stalk people on line just like they do in the real world. Slap these business and fat lazy cops with a huge fine, say $500,000.00, and if they are caught doing it again a second time...jerk their business license and let them spend a couple of weekends in jail and make them register with a "stalkers registry" so other business will know to watch out for them. The rules that apply to business in the real world should also apply to them in the cyberworld.
Reply | Report Abuse | Link to thisI do find it a little ironic that this message is hosted on a website that is likely not only tracking me but even expects me to "log in" to access the service of posting a comment. Anyway, all services have to do to get around these obstructions is not offer any of their services if you have that opt-out option set. They just launch a popup that says something like "Do you wish to view the content on the page" which has a link to a page and a half of agreement legalese, which everyone is used to ignoring by now, that says it will automatically change your preferences to allow tracking cookies buried somewhere in the middle. I think there already exists the option in browsers to turn off cookies, but then you can't use half the web services you like. The do not call registry was a success, but I think the internet is currently a little too dynamic to fight effectively with legislation just yet. If you think of the time it took between when companies started telemarketing and the time it was more or less shut down, you are looking at a 50 year gap. Probably the only reason legislation could even be passed was that companies have cheaper and more affective advertising avenues with the advent of the internet. In other words, it was getting too expensive to pay all those telemarketers. They tried outsourcing to India and using computers to thin the cost, but it just angered people, reducing sales margins. I think the current model is to have software that can identify and remove the tracking cookies, closer to the Tivo/DVR arms race of technology against advertising. The counter stroke is product placement or super-short adds you can't really avoid. Maybe in 30 more years internet advertisers could be combated by legislation, but by that time advertisers will be using the in-home holographic product placement technology or something.
Reply | Report Abuse | Link to thisDon't forget that it is the ad revenue keeping the internet free.
Reply | Report Abuse | Link to thisSince I don't shop online, I've learned to ignore the ads - I don't even see 'em.
Silvrhairevil: couple of points - 1. the internet is not "free" as I pay about $50 per month for access, pay each year to maintain my web site hosting, et al, 2. We live in a world with less and less privacy. Companies that I do not know about or what they do my my information should not be permitted access unless I specifically permit it. We are too easily giving up our rights to privacy. One Supreme Court Justice said it succinctly - you're greatest right is the right to privacy.
Reply | Report Abuse | Link to thisHere's some information that you should read if you're concerned about your privacy on-line:
Reply | Report Abuse | Link to thisFlash cookies can also be used for a nasty trick. Advertisers can use them to restore regular cookies that you delete! Those tracking cookies you deleted may not actually be gone. They come back as fast as you delete them. That's why they've earned the nickname "zombie cookies."
Adobe does provide controls that help you manage or disable Flash cookies. But the controls can be confusing. You also need to visit Adobe's site to access the controls. Go to the Flash Player Settings Manager. You want to go to the Web site Storage Settings panel. Don't confuse this with the Global Storage Settings panel. We'll get to that one later.
You can get to the Web site Storage Settings panel two ways. There is a link to it on the left side of the page. You can also click the folder tab in the Settings Manager window. You want the one without the globe behind it.
Once there, you'll see a list of Flash cookies stored on your computer. You can browse through and select individual sites. Click the "Delete website" button to remove the site's Flash cookie. You can also click the "Delete all sites" button. This will remove all Flash cookies and other Flash data.
Courtesy of www.kimkomando.com
Flash Player Settings Manager
Reply | Report Abuse | Link to thishttp://www.macromedia.com/support/documentation/en/flashplayer/help/index.html
The do no call lists were successful primarily because their purpose was to prevent unsolicited callers from communicating with phone subscribers. Since their sole intent was to communicate (for purposes such as making sales pitches, etc.), preventing their direct communication with subscribers was all that was necessary.
Reply | Report Abuse | Link to thisTracking cookies and potentially more sophisticated forms of covert activity monitors have little need to overtly communicate with the 'subscriber' - in fact most are not aware that tracking is occurring. Since no response from the 'subscriber' is necessary for trackers to achieve their purposes, there's little incentive for them to cooperate with voluntary 'do not track' requests. Why would any tracking software pay any attention to the request for voluntary cooperation, no matter how it's implemented? What would incent advertisers or any other trackers to stop tracking?
I completely support the effort to get the advertisers/trackers under some kind -any kind- of rational control, but I suspect it's a lost cause. The ad industry, which has made our society number 1 in human history in lies per second, has enough money to buy all the republicans and half the democrats in congress. And I don't mean to suggest that the dems are more expensive.
Reply | Report Abuse | Link to thisI think you are WAY behind the curb, picking up regular news outlets to make a story. There is some crazy technology and programing out there that can piece together browsing habits based on all kinds of obscure things.
Reply | Report Abuse | Link to thisAdditional: I use google search as a spell checker. That ruins any ad company from easily tracking my habits with search terms.
Reply | Report Abuse | Link to thisThere are a number of problems:
Reply | Report Abuse | Link to thisJurisdiction: OK, let's say the FTC makes a rule or the US Congress makes a law that offers users an option to "not be tracked". How is that going to be enforced by a ad network based in China?
Tied to methodology: Cookies are not the only way to track a user. If all links went to a "clearinghouse", with a redirect to the content requested by the user, the "clearinghouse" can grab (at minimum) the IP address of the requestor. The only way I'm aware of to defeat this is to hide behind a proxy; then the proxy's IP address is used rather than the users. If every user has a "personal proxy", this offers no protection... the only protection afforded is if multiple users use the same proxy, in effect, "getting lost in the crowd".
Begging the question: Why is privacy important? Why does it matter if anyone knows that I am surfing Scientific American and reading this article?
If you are serious about privacy, wear a mask when you leave your home, obscure your license plate when you drive on public roads (actually, don't... that's illegal) and pay in cash for everything. Retailers will track your purchases by your credit cards.
Based on my debit card/credit card utilization, it would be easy to figure out that I recently saw a particular movie, shopped at a particular supermarket where I purchased certain products, purchased gasoline from a particular station. Using data from EZ-Pass, it would be very easy to determine my usual route to and from work and the average speed at which I drive.
Does it matter than I prefer Levi's purchased at The Gap to Wrangler purchased at Walmart? Wheaties to Corn Flakes? Store brands to brand names? Not to me.
I don't pretend that it doesn't matter to the marketers who seek to influence your purchasing decisions; but I also don't pretend that they exert more control over my purchasing decisions than I do.
I think all good points.
Reply | Report Abuse | Link to thisI also think that most advertising is less effective than currently thought although it funds most web sites and most forms of media entertainment. The may catch on some day...
By the way, if your car insurance company constantly advertises everywhere and their greatest operating expense is advertising, how much of their revenue can they be spending for customer support and repair claims?
Do you really want your car insurance premiums to be spent mostly on advertising?
The problem isn't so much the tracking. The real problem is hosted advertising. Most sites subscribe to hosted advertising as a revenue stream. This means that they have no idea what each ad does. Historically most ad servers were malware attack platforms. An advertisement that is physically coded into the page on the actual web site rather than cross site hosted is much less likely to have putrescent scumware embedded in it.
Reply | Report Abuse | Link to thisI set my browser to only allow white listed sites. Miscrosoft harasses me by demanding that I click a button for each scumware site I don't want to see every single time a given scumware site comes up but it keeps out 95% of advertising and I haven't had any scumware attacks in 3 years.
Hosted advertising is certainly a web page performance issue: displaying a web page does not only require a successful transaction to the web page host, but to all advertisement servers referenced by the web page server. Since advertisers seek to maximize their accesses, their server are subject to resource contention, producing performance 'bottlenecks'. Anything for the customer...
Reply | Report Abuse | Link to thisThanks for this. I noticed that www.whitehouse.gov and www.democracynow.org were in the list, along with a number of others that I would not like to have others to have common knowledge about.
Reply | Report Abuse | Link to thisI just don't want my computer to store their records for them, and don't want their cronies to have access to their cookies. I don't want per-session cookies that I DO allow shared with other domains. That's not so difficult, is it?
Reply | Report Abuse | Link to this