Federal agencies, in an attempt to protect our online privacy, are calling for strict "Do Not Track" legislation. Yet the use of online tracking during the 2008 elections is well documented. And at least one source says that online tracking is already in place for the 2012 campaign.
So is "Do Not Track" good or bad? Or are you indifferent to the whole thing?
Let’s start by defining online tracking. The Electronic Frontier Foundation (EFF) has a straightforward definition:
“Tracking is the retention of information that can be used to connect records of a person's actions or reading habits across space, cyberspace, or time.”
Sounds ominous. Yet the EFF hastens to point out there are times when tracking our whereabouts on the Internet can be helpful. For example:
- Making return visits to a Website convenient, by remembering previous viewing parameters
- Simplifying online transactions by retaining information about selected items while allowing users to continue shopping
- Preventing fraud (e.g., malicious copy-cat Websites)
- Facilitating response to security incidents
Take a second to consider this: The group fighting everyday to protect our privacy feels that certain types of online tracking are beneficial.
It helps me to think of this type of tracking as “remembering.” Actually, that’s exactly what it is. And simple remembering is benign. That’s because a first-party relationship is preserved. Michael Hanson of Mozilla Labs explains:
A first-party relationship is established between a web user and a website with the user's awareness, and presumably, consent. In the most obvious cases, this relationship involves creating an account and logging in to a site.
I can just hear my colleagues: “OK, Kassner, what gives? For years, you have been telling us that tracking is bad.”
Well, there is a dark side. It consists of relationships based on third-party tracking. Once again, I’ll let Mr. Hanson explain:
A third-party relationship is one that exists between a web user and some website because of actions taken by another website. When a user visits a new site, which directs the user's browser to open an image from an ad network's site, the relationship is third-party. In many cases, the user does not know that the relationship exists. [Emphasis added.]
The bold phrases above are hints. Something is messing with our Web browsers. Google’s DoubleClick cookie is a prime example of a third-party relationship:
When users visit a partner's website and either view or click on an ad, a cookie may be dropped on that end user's browser. The data gathered from these cookies will be used to help better serve and manage ads on the publisher's site(s) and across the web. [Emphasis added.]
Ever wonder how a Website you visited for the first time knows to serve ads from a Website you were just at? You can thank third-party tracking. The process is officially called behavioral or targeted advertising. Based on collected data (browsing habits, search queries, and Website history), advertisers can serve up relevant ads for your viewing pleasure.
To many that’s OK. If they have to view ads, they would prefer them to be of interest. I can’t argue that point.
I do have concerns, though: What else is done with the data? How is it protected? These are concerns I addressed in my previous blog, Why 'Do Not Track' May Be a Waste of Time. The EFF shares my apprehension and is exploring the legal issues surrounding online tracking:
EFF views online behavioral tracking as a serious privacy issue for a simple reason: much user activity on the Internet is First Amendment activity—reading, speaking, associating with others—and we should therefore understand it as highly sensitive in terms of intellectual, expressional, and associational privacy.
What I’d like to see are choices. Let me decide whether online tracking is something I want to allow or not.
In my previous Internet Evolution post cited above, I mentioned Dr. Arvind Narayanan and his associate, Jonathan Mayer. They are working on a potential solution. And the Federal Trade Commission recognizes this approach as being effective and simple to use. Stay tuned.
— Michael Kassner is a writer and consultant specializing in information security.