We are a commune of inquiring, skeptical, politically centrist, capitalist, anglophile, traditionalist New England Yankee humans, humanoids, and animals with many interests beyond and above politics. Each of us has had a high-school education (or GED), but all had ADD so didn't pay attention very well, especially the dogs. Each one of us does "try my best to be just like I am," and none of us enjoys working for others, including for Maggie, from whom we receive neither a nickel nor a dime. Freedom from nags, cranks, government, do-gooders, control-freaks and idiots is all that we ask for.
Our Recent Essays Behind the Front Page
Wednesday, March 28. 2012
The other day, a woman walked into a mall. She visited several stores, among them Macy's, Starbucks, Nordstrom's, an interior design shop, a paint store, and finally the Apple store.
She didn't buy in each one, but in cases where she did, she gave quite a bit of information about herself to the store in order to make her purchase. In fact, she gave quite a bit of information to each store and she didn't realize it. It wasn't long before she was inundated with coupons, offers, ideas for purchase, calendar of sales, and various other items related to her trip to the mall. It was as if she returned to her car and found all this under her windshield wiper. These coupons and offers were from the stores she visited, but from other stores that offered the same or similar products. At first she wondered, "Is someone following me?" At that point, her smartphone buzzed, and she had an email. Target was letting her know there was a sale on dresses from a designer she had recently purchased.
The mall the woman walked into was the internet, and there was somebody following her. But that somebody wasn't just one person. It was a large number of people. Faceless, nameless people collecting data on sites she visited so they could tell what she was interested in from her clicking, what online stores she visited, on her purchase decisions, whether she got to that store by clicking on an ad, as well as other data points. If this had happened in real life, as described above, how would you react? Certainly there are laws against this, you'd think? Not really. If I chose to sit in the mall and just pay attention to where you went, then visited each store to peek and see what you purchased, and then leave coupons on your car, you are limited in your ability to stop me. Laws exist to prevent stalking, but if I'm sneaky enough, you may never even notice me.
On the internet, this is happening every day. The tracking, in some cases, is persitent. There are cookies, dropped on your computer or on websites you visit, which may last up to 30 years. There are also pixels, little dots (more or less), that track what you watch and where you go, and relay that information back to a database. There are tags on web pages and ads that can drop cookies that last momentarily on your computer which send information from your computer, or your behavior on a site, back to a database. All this is happening and you don't notice...and hopefully you don't care.
Maybe you noticed, after you visited a paint store online, that your email box started serving Benjamin Moore ads. You may have thought this was probably just coincidence, right? Or after visiting a dress store online, Talbot's ads were suddenly appearing. Just luck on their part...
Not at all. This is deliberate, and plays a very important role in marketing known as 'recency'. The goal of advertising is to reach somebody consistently and build brand awareness and loyalty. Another goal is to generate leads for future purchase. Yet another is to generate direct sales now. Recency plays into all these goals. A directive of recency is to find somebody with a mindset geared toward purchase, and direct their attention to your product now! Another is to hit a consumer, when they are thinking of making a purchase, with a brand name, so they associate the desire to buy with the brand displayed.
Most publishers of websites are very wary of this behavior on the part of information collectors. Reputable sites limit the amount of this that goes on. All large well-known publishers deny the ability of data collectors to get Personally Identifiable Information (PII). If advertisers want PII, they have to ask you for it, and you have to provide it on your own, giving permission by filling out a form. Getting PII is known as 'opt-in'. All other forms of data collection, anonymous or semi-anonymous, are 'opt-out'. Why? Because opt-out is the best way to build a database, and as long as the data is mostly anonymous, who cares? The problem is that if you follow a user long enough, you can piece together almost a perfect picture of who that user is and what they like, all without PII. Opt-out information can work as well as opt-in, if you build the data properly, and you don't need anyone's approval.
All this information heads back to a database. Your name may not show up anywhere. All you appear to be, in their database, is a unique number which quantifies "computer X, a user who happens to enjoy football, basketball, home repairs, and is looking to buy a car, lives in zip code XXXXX, has children and is about 45 years old and male." Doesn't sound too threatening. An issue arises when those 'coupons, flyers, leaflets' and various other items start appearing on your computer in the form of advertising. They will be geared toward your behaviors, so you'll see ads for Home Depot, Stubhub, and the latest model cars offered at dealers lots. A little creepy, but they still don't know who you are. That is, they don't know you're Tom Smith. But they may know your IP address, which happens to belong to Tom Smith. If you think this is only happening online, you're wrong. It is, however, far more common online.
Where the rubber hits the road is when advertisers can start to link your name and your address to this information. This is happening, in a small way. Every time you get a form online that was prompted by a site you visit, and you willingly fill it out, that site or its advertisers collect your data and link it to other data they've already collected. They do this via a variety of methods, and one of the best is overlaying data from various resources.
Most reputable sites avoid this, and publishers are seeking to create guidelines and policies to limit data collection. Others are more interested in just making a buck. As a result, it's important to find ways to protect yourself, and hope the reputable web publishers can provide an extra layer of protection. Make no mistake, the government will not help, even if they want to. Even if the government were involved, you would not be pleased to know who is cozying up to the lawmakers. It happens to be data vendors who see their revenue streams in peril due to a potential privacy backlash. The government may make noise about providing protection to private citizens. Remember, there is no Constitutional right to privacy. We shouldn't have to expect the government to provide much in the way of protection aside from some words (they did a great job regulating other industries, didn't they?) and mild oversight. The fact is, the best source for protection are the sites themselves. Self-regulation is taken very seriously, as is enforcement. Part of my job is to shut down vendors who behave in a manner inconsistent with the policies we have in place for privacy and data protection.
If you click an ad which asks you to fill out a form, it goes without saying that you should do so only if you are absolutely sure who the advertiser is and why they are collecting that data. If you're asked to fill out a form and you haven't clicked an ad, definitely don't fill it out! Lord knows who it is or why they are collecting data.
Most sites make money by providing users with information and entertainment. It is important to many online publishers to generate your trust and loyalty. You may feel uncomfortable thinking they are looking out for your best interest, but most actually are. Unfortunately, you will have a hard time telling who those sites are, unless you're willing to look into their privacy guidelines and see if they are "OBA Compliant". This term means they are working under strict rules about privacy management. Rules that need to be much stricter, but are very good for now. Usually you can find out if they are compliant if they have a logo like this on their page somewhere:
In the end, it's worth remembering two things. First, the government may have strong words about protecting your online privacy, but if it gets involved it will set rules that benefit a politician's loudest and highest-paying supporters. Companies that play fast and loose have very high profit margins, and can afford good lobbyists. Secondly, while all companies are trying to make money off your behaviors, there are some which are more interested in just taking information from you than providing you much benefit in return. You can be sure that most large, reputable publishers will at least give you value back for the limited pieces of information they have collected. In the end, however, you still have to take steps to protect yourself because whether you're walking through a dark parking lot or browsing the web on your home computer, you still have to be aware of your surroundings.
Display comments as (Linear | Threaded)
Not to be snarky but I subscribe to "Do Not Track Plus" which informs me Maggies Farm allows 8 companies to track me when I log on.
That is pretty cool deal - finally, a Firefox plugin that actually does something useful.
I use Ghostery, which works pretty well.
I never see anything pop up on Maggie's when I visit, though I assume it could happen.
She's screaming "I found your name and number on the website and you're serving pornographic images to my child!!!"
I managed to calm her down, talked her through what was happening and she had the unfortunate knowledge to discover somebody was visiting less than savory sites and had downloaded a bot which overrode the ad serving of sites she visited. This is a very common theme at torrent sites, so if you have kids using 'illegal' downloads, you need to be very wary. (frankly, I hesitate to use the term illegal because I don't view peer-to-peer sharing, which generates no revenue, to be stealing much of anything. To me, it's as if a friend came over and listened to my albums, or I loaned it to him to put on audio tape.)
Anyway, the point is sometimes the stuff serving onto your computer is from your computer and placed there by malware of some nature. The New York Times actually dropped a little malware on me years ago (not to their knowledge - it came from an ad network they were working with....and I've never worked with ad networks since then) and I spent a weekend scrubbing my computer. Damn Liberals (all in jest...).
The truth is, the Liberals, the people who say they want to protect your privacy, are actually rigging things for the most dangerous purveyors of ads out there. Do Not Track Software will be useful, but it's an arms race - and someone is always coming up with something stronger and smarter. So no matter what legislation gets put in place, by the time it's a law, it's already outdated. They are making the malware bandits wealthier by default.
We've already run into this with our new 'Droid Bionics. I was frankly surprised at how interllinked the new 4G phones are with Twitter, Facebook, Google+ - all my contacts showed up from my Facebook account and Twitter feed - I don't have anything on Google+, but they keep constantly reminding me to get with the program on Google through my phone - which is mildly annoying. And I understand that Google is tinkering with a system that will play ads while your phone call is being connected - something called play through.
When I think back to the days when DEC had the world's very first ever Alta Vista search engine running, I never would have thought it would get to this level of sophistication.
I am convinced LinkedIn is somehow spying on my email. They have suggested contacts for me that they could get only by knowing whom I email. I wrote to them and told them to leave me alone and to quit suggesting I link to my husband's mother. I don't even want to email with her.
Me too. How's this for spooky:This is the message DNTP gives me in Linked In:
"LinkedIn is one of several companies that tracks you at millions of websites you visit without telling you. "
Also, I changed my e-mail in Linked In and immediately began receiving spam, after 10 years of no spam.
No idea how Maggie's "allows" anyone to be tracked. Nothing to do with us, I assure you.
Do Not Track Plus says Google Analytics and Sitemeter is tracking me. Don't know what that means.
Google Analytics and Sitemeter are benign. Well, theoretically.
Google Analytics attaches itself to pages everywhere so Google can provide Analytic data to sites. It helps them do search more efficiently. Not sure how it operates, but I believe they use spiders or crawlers to drop the stuff.
Sitemeter is Nielsen's version of the same thing. It's essentially benign. The idea is that should Maggie's ever choose to make money from it, both Nielsen or Google could provide the site data to earn income from advertising.
OK, so here's the really creepy stuff. If you have a Facebook account (as I do), Facebook is providing Nielsen with something called Online Campaign Ratings (OCR). It's an attempt to allow websites to align themselves with TV ad sales more efficiently. The concept behind it is that using data from Facebook, Nielsen can provide relatively accurate demographic data (age, gender, location) as well as other information, potentially (college grad?, career choice?, married?, etc.)
I find it all very concerning. Not that privacy is a right, after all. It isn't. Well, at least it isn't a right promised in the Constitution. It's more like a 'guideline' as Hector Barbossa would say. It worries me that all these simple tools are tracking us and while there are steps we all can take to make things a little more private - few people are adept enough to protect themselves effectively.
That's the eerie part, Bird Dog. A fellow who runs a survival site found out that for over a month the FBI was tracking his readers wherever they went on the web. They attached cookies without him knowing it. You can bet commercial interests are doing the same.
One can minimize the leakage by setting your browser to not accept third party cookies, using Ghostery or equivalent, to block all tracking and privacy cookies, setting your browser to delete cookies on exit, and exiting your browser every few hours.
Sounds like Doc Mercury needs to come give us a talking to about this stuff. Yo!! Doc!!
Every now and then I will google my commenter name just to see what comes up.
The last time I did that, I came across a facebook page for "wickerjig feeblemind" . What was unnerving about this was that wickerjig is an old eBay ID of mine and that I have never been to facebook. So was this some sort of computer generated facebook page? The page appeared empty with 1 "like".
Any ideas what's up with that?
No idea. Must be something very coincidental. I don't know that Facebook autocreates anything.
I just did a search on it and found the page, so it doesn't seem to be randomly created. Says something about MEHS high school and education at Hard Knocks.
Don't know if these mean anything to you.
Nope. Means nothing to me. Thanks for checking Bulldog.
But what are the odds? Just too weird. Wow.
Okay, Sam, here are my thoughts on the article and the subject in general:
1. I don't believe one word of the "woman walked into a mall" story.
2. It's not "spam" if you're interested in it. I was on Amazon the other day and, rather than throwing advertisements of 52" plasma TVs and sets of carving knives at me, the ads were based on my previous site visits and were actually OF INTEREST to me. How is that "spam" by any definition?
3. The most overblown hype of the whole issue is that "personal", quote, unquote, information is being passed along when you visit a web site. It's just SYSTEM information, like what browser and operating system you're using. Big deal. Your computer's unique IP address is being passed along, but unless you're the state district attorney and subpoena my address from Verizon, there's no way you'll pry it out of them. There are companies around that claim they can get an IP address for you -- for a fee, of course -- but they're bogus.
4. Every complaint I read about spam is from people who are using either crappy ISPs to save money or some freebie online company like HotMail. Using Verizon, I get about one spam a year. Ditto using Comcast before that and RoadRunner before that.
5. Receiving email ads from companies you've bought something through isn't "spam"; it's just good marketing and we'd do the same thing.
6. In regards to using online forms, where you actually do give out personal info, you should always use a 'throwaway' email address that you wouldn't mind losing in case it does end up on the spam merchants' list. Buying things should be done with a credit card reserved solely for online use from an account which normally doesn't contain much money. With most banks, making an online transfer from one account to another is instantaneous, so there shouldn't be any delay when wanting to make a purchase. You first transfer what you need at the bank's site, then order the item.
7. While I suppose "Most sites make money by providing users with information and entertainment" is technically correct (because you wouldn't be there in the first place if they weren't offering such), the way sites make money is from advertising, based on the number of hits the site gets. If Hot Air puts some outrageous New York Times article in its 'Headlines' and 638 people angrily comment on it, this is known as "Mission Accomplished" by Hot Air management. That's 638 more hits for the day, thereby allowing them to charge their advertisers even more on the next go-around.
8. I could give a shit if some company out there has placed a 'tracking cookie' on my computer and now knows that I visited Lolita's Porno Site and Jim's Discounted Software yesterday. If the next time I visit their site and they have ads targeted just for me for Yvette's Porno Palace and Bill's Incredibly Discounted Software, again, why is that a BAD thing?
If you absolutely MUST get rid of those evil tracking cookies, run CCleaner every time the computer boots up and tell it which cookies to save so you don't have to re-login every time you go to subscribed sites like this one that remember your user info.
Summation: IMHO, the entire issue of "online privacy" is massively overblown. Use a quality ISP and you won't get spam. Use common sense by employing a 'throwaway' email address and a credit card for just online use and you won't suffer any loss through identity theft. Use a quality anti-malware program like ZoneAlarm that checks out web sites, instantly notifies you if something's amiss and blocks any malicious download, and (along with not opening file-attached emails) your computer should remain virus-free.
I don't mean to devalue Bulldog's dire warning, but it seems a bit over the top. 99% of online problems can be avoided just by using a quality ISP, some good anti-malware software and some common sense.
As a professional in the space, Doc, I appreciate the additional advice you've provided, it's all good and mostly directionally correct.
However, here are the flaws.
First, the woman in the mall scenario is 100% correct. Our lawyers use this analogy frequently in their discussions, and it has actually come up in meetings with the FTC.
Secondly, quality ISP or non-quality ISP, you can get spam. I get it and I have a very high quality ISP. On the other hand, I also can usually tell where it came from. Whether you want to acknowledge this or not, just because you fill out a form doesn't mean it's not spam. I'll provide a great example in my own life.
My son is entering college. We filled out forms, lots of them. The Testing Board for SATs got some. Colleges got some. And so on. As you said, many of these groups engage 'good marketing' and I began to be inundated with "save money on college" emails. I sent most to the spam folder, deleted others, but they just keep coming. Whether I want them or not, it's spam. I do want to save money on college, but none of these things are going to help me - they are hoping to prey on unsuspecting folk who are wiling to shell out a few unknowing shekels thinking they are getting something of value in return. Usually, with many of these, it's not true.
I technically agree that if you're interested in it, it's "not spam". The question, however, isn't whether you're interested or not. It's who you're getting it from and why you're getting it. After a speeding ticket many years ago, I was inundated with emails AND snail mail from lawyers who wanted to take my case to the court. How did they get my email?
Easy. They were able to cross reference the data on my address with other databases until they determined they had my email address, all through information I willingly shared with other marketers who I was ACTUALLY interested in.
This goes further. You say it's only system data they are collecting. Well, not so fast. Your IP address can be linked directly back to you in many cases. Now, most marketers won't link back to you using this method, and my company's own rules make specific statements about how this data can be utilized once it is collected, and how long it can be held - we have a maximum life span of allowing data collectors to destroy data after 13 months.
As you point out, most of the stuff collected is benign (as I pointed out earlier to another commenter regarding Google Analytics and Sitemeter). But other stuff isn't. Particularly the Nielsen OCR data which is coming straight from Facebook. While some publishers (including my own) work with it, we are very wary of the information it is collecting the rules utilized to get it. We don't want to 'cross the line'.
Which, by the way, we could do very easily if we chose to.
Finally, publishers don't just make money by selling the 'hits' to their site. Hits aren't even a means of measurement anymore. In some parlance, I suppose it has meaning, but to us the real value lies elsewhere. And we have to derive that value by providing a value in return. Your example with Hot Air doesn't hold water. It's a correct example of how they may drive traffic, but not at all correct in how a reputable publisher earns revenue.
For one thing, it's extremely difficult to charge more from an advertiser on the internet, year over year. This is because ads rendered are constantly increasing (primarily because of disreputable providers of ad outlets), so advertisers push back with a "why should I pay more for yours when I can get the audience elsewhere" argument (which wins every time).
Secondly, they are trying to use the data to devalue the reputable sites and boost disreputable sites. If CNN has a valuable audience you want to reach as a marketer, and they charge a cost per thousand views of $10, but "Joe's News" only charges $2 per thousand, the marketer thinks "Joe's News" is a value. So those data markers are used to find as many of the CNN viewers on Joe's News as possible, using the logic that "If I can find them there, it's cheaper and just as good as on CNN". This actually isn't true at all, because context plays a huge role in how audiences respond to advertising, particularly online. As a result, reputable publishers are pushing hard to move away from the straight "ad served" model and selling the "ad viewed" model. In this context, the data collected isn't personal data, but simply whether or not an ad actually appeared on a screen, and for how long it was up. In addition, the data can tell if the window was on top (viewable) or behind (unviewable), whether the ad served was 'below the fold' (unviewable) or scrolled down into visibility (viewable). It can also tell if a disreputable publisher is serving an ad offscreen (this is very easy to do) and charging back to the advertiser as an ad "served" (well, it was, regardless of whether anyone saw it or not, so theoretically they can collect on it).
The idea of the new sale is closer to the TV advertising model. We don't know how many people are really in front of the TV screens, all we know is when an ad runs, it actually runs on a screen that may be watching that channel. The ad isn't run somewhere else where nobody can see it (which is currently how it works on the internet).
Directionally, yes, most of the data collected isn't going to 'hurt' anyone. But as we become more adept at collecting data, we're moving much faster to a world where it could very easily. You may not care who's following you to any salacious sites - and that's perfectly OK. But many people are worried.
More importantly to me, however, is that most people have no idea what's going on or how to deal with it. That's why your advice about masking your address or using certain tools is useful. As a professional, you know more of these tricks than the average person.
I guess I'm with the Doc. I thought I was the last person in America to be entirely unconcerned about online privacy. So someone sends me a bunch of coupons or ads? It's never bothered me. I filter my email and toss the junk every few hours. It's not as annoying as the junk mail in my U.S. mailbox, and even that doesn't bother me much. As for on-line ads, they annoy me only when they're too slow to load on my awful satellite connection.
The only thing I dislike is phone calls, but frankly I don't enjoy those much even from people I know, and I either filter them through an answering machine or hang up the instant I detect that distinctive background "call center" sound.
As for whether anyone is learning a dangerous amount of information about me, all I can say is that I doubt it very much. If it led someone to market something to me effectively, I'd be deeply surprised and a bit pleased. Most marketing arrives at my doorstep to find an extremely perplexed, uninterested consumer.
That's fine, and plenty of people feel this way.
On the other hand, it isn't just about marketing. Generally speaking, it's about the potential deluge. You may not mind the occasional spam - but if you got 300 pieces a day, you would.
A good example of this is the fact that I set up a separate Yahoo! account specifically for the purpose of doing online interaction. Each day, it's filled with 400 pieces of email.
My wife used to work in the Business to Business email space as a privacy officer. Part of her job was to clean lists which people opted out of, and to clear lists of non-responsive email addresses (not necessarily unused, discarded or broken, but email addresses which nobody responded from on a regular basis, which are considered 'no value'). The company often pushed back on this, because they were paid based on the number of emails they could send to, and culling the list of anything but opt-out was considered a loss of revenue.
More importantly, the issue at my level (large scale online publishing) is making sure agencies work with good players in the space. Not necessarily targeting you and Doc with good ads (some of the information I shared here is geared toward letting those who don't like it know their options), but targeting you with malware, spyware or other devices which are actually dangerous.
Some people think that's unlikely, but I can tell you there have been many cases of high profile publishers falling victim to malware deliberately placed (and sometimes unwittingly placed) by less than reputable vendors.
Online privacy, at a very top line level as you described, isn't the major 'problem'. It's what happens if you don't pay attention to the issue - the liberties which can be (and have been) taken.
On the other hand, just because you like being marketed to, and consider it a value, many others do not. I am personally ambivalent about it. If it happens, it happens, but I've already taken as many easy steps as I can to limit it simply because I don't like being followed anywhere - in my real life, or my online life.
The story about Target's ability to learn about people based on their purchasing decisions is food for thought. It's a legitimate use and value item from a marketing standpoint, but it's also very creepy. Imagine if, as happened in the article, you discovered your teen daughter was pregnant based on information sent to you by Target!
On the one hand - at least you found out. On the other, it sparks a discussion about how much marketers need to know about your family's life.
Does the Opt-out offer at the National Advertising Initiative have any effect?
There are a number of firms which provide the opt-out ability, and it's all part of the Principles of Self-Governance which most advertisers and publishers try to adhere to.
Of course, the limitation is what it is - I'm on the "Do Not Call" list, but I still get one or two calls a week. These lists provide quite a bit of value, but there's always a loophole for someone to keep doing what they do.