Over the past two days I watched the ridiculously boring, long and informative NYTimes Open video on privacy and personalization, which is nicely recapped here. As if on cue, as soon as I finished the slog, I noted Opera's beta release of a new Do Not Track feature.
At one point in the video, the lawyer gave a rather hardcore example of "how things have changed" when he read aloud a business card he'd been given on a recent train ride. He read this poor chap's phone number (though the Times muted the last few digits). He was demonstrating how, in the past, that gent didn't have to worry about handing out his business card because technology was so fundamentally different.
So now some jackwagon can put your personal information out on the Internet for all to enjoy (even if only 72 people had, as yet, suffered through the long video), but most people wouldn't expect that. They'd expect you to use it for its designed purpose: facilitating future personal contact.
The Times blog synopsis left out one important point -- this idea that we in America have a strong desire to be able to reinvent ourselves. I don't recall who made this point, but they also brought up the First Amendment issues (in terms of "being forgotten": how much can you demand of others to excise information they have about you that is part of the "public record"?).
Let me get straight to my point.
I don't have an issue with being tracked so much as I have issues with how that data is used. In other words, if you locked a GPS ankle tracker onto me but then directed all that data into a /dev/null black hole, then who cares?
So, I checked out Opera's new "Do Not Track" feature, described at DoNotTrack.us, which links to the actual specification. Reading the specification, it states:
The Do Not Track HTTP header, "DNT", must take one of two values: "1" ("opt out") or "0" ("opt in"). All other values are reserved.
The only two options are to opt out totally or opt in totally. Where's 0.5? Where's the in-between?
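As an added example (not code from the original post, and not Opera's implementation), here is how a server would read the header exactly as the quoted draft defines it: "1" is opt out, "0" is opt in, and anything else is reserved, so the careful thing to do with a reserved or missing value is to treat it as "no preference expressed" rather than invent a meaning for it. The request-header dicts and the default policy for the unspecified case are assumptions for the example.

```python
"""Added example: reading the two-valued DNT header and deciding whether a
response may set a persistent, user-linkable tracking cookie."""

from enum import Enum


class DntPreference(Enum):
    OPT_OUT = "opt out"          # DNT: 1 -- user asks not to be tracked
    OPT_IN = "opt in"            # DNT: 0 -- user consents to tracking
    UNSPECIFIED = "unspecified"  # header absent, or a reserved value


def parse_dnt(value):
    """Map a raw DNT header value (None when absent) to a preference."""
    if value is None:
        return DntPreference.UNSPECIFIED
    value = value.strip()
    if value == "1":
        return DntPreference.OPT_OUT
    if value == "0":
        return DntPreference.OPT_IN
    # "All other values are reserved": a value like "0.5" carries no defined
    # meaning, so it is handled exactly like a missing header.
    return DntPreference.UNSPECIFIED


def may_set_tracking_cookie(headers, default_when_unspecified=False):
    """Decide whether a response may set a cookie that links visits to a user.

    `headers` is a plain dict of request headers (constructed for the example;
    HTTP header names are case-insensitive, so the lookup normalises case).
    What to do when no preference is expressed is a site policy choice; the
    assumed default here is the conservative one: no tracking cookie."""
    normalised = {name.lower(): value for name, value in headers.items()}
    pref = parse_dnt(normalised.get("dnt"))
    if pref is DntPreference.OPT_OUT:
        return False
    if pref is DntPreference.OPT_IN:
        return True
    return default_when_unspecified


if __name__ == "__main__":
    # Constructed request headers covering both defined values, a reserved
    # value, and the header being absent.
    for hdrs in ({"DNT": "1"}, {"DNT": "0"}, {"DNT": "0.5"}, {}):
        print(hdrs, "->", may_set_tracking_cookie(hdrs))
```

Note that the "0.5" case lands on the same branch as "no header at all": the draft gives a server nothing to act on between the two extremes, which is exactly the gap the rest of this post is about.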
What do I mean?
Well, let's take a real world example. Facebook Apps.
The typical Facebook application asks for a lot if you want to use it -- by default the "basic information" set, which includes:
name [your name]
first_name [first name]
last_name [last name]
and the Facebook user ID. That ID is unique across the entire Internet, so an application that sees you once can remember you forever. Often the request for basic data includes birth date, location, and more (the NY Times asks for "birthday, education history, groups, hometown, interests, likes, location, website and work history" + the basic info above).
That's more information than they get when you subscribe to their newspaper! (It would have been interesting to ask the NY Times about their data usage and retention policies, considering how much they collect.)
So the NY Times is giving me a choice of either using their app or not. It's an all-or-nothing proposition. Here's the thing, though: I don't actually care if they have certain statistical information about me, such as my age range, my general location, my work industries, my general education background, my likes or dislikes, my time zone or my gender. Why? Because I understand there's a trade-off. They can use that information to target advertising and hopefully provide a customized user experience. If they can charge $10 to advertise to me instead of 10¢, then I can respect the trade-off.
However, I do have a problem with name, DOB, and Universally Unique ID. Why? Because that information is personally identifiable. Then I have to trust the New York Times to have my best interest at heart, good data retention policies, good security infrastructure (not to mention policies and procedures), and responsible employees. All of a sudden it matters.
There's no in-between, with Facebook or with the Do Not Track specification.
I WANT THE GOLDILOCKS VERSION!
I want the personalization, the relevant ads, the customization and the "laser targeting" of data but without having to commit the "forever" personally identifiable data.
For the vast majority of the world, that's exactly what they want as well -- though they might not put it that way.
There are some very evil things that can be done with behavioral tracking, statistical analysis and greed, but this is nothing new: businesses already raise rates for "in season" travel, charge different rates for locals, or otherwise 'maximize' their profit based on their unique situation (oh, to be a water dealer in the desert). That is, however, a separate sort of discussion, because even if you were to implement this "Do Not Track" option there is still a specific exemption: "Data that is, with high confidence, not linkable to a specific user or user agent." (draft-mayer-do-not-track-00 9.3.3)
For example, you can still use IP geolocation. Again, I don't particularly mind if some website has my location so long as they don't save that information or use it to discriminate against me. That is a problem. Serving local ads, okay, cool. Showing me inflated prices for products or denying me discounts, not cool.
If we neuter the data, then there's inherently way less risk in sharing it.
I would call this Goldilocks Data Privacy. Just right. I'd gladly give the reputable NY Times the ability to track me in return for access to their excellent content supported by targeted advertising, as long as it wasn't personally identifiable and I could, on my side of things, choose to disappear (e.g. delete my cookies).
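To make "neutering the data" concrete, here is an added example (my code, not the post's and not anything Facebook or the NY Times ships) that takes a profile in the shape an app gets after the permission prompt and produces the Goldilocks version: the direct identifiers (user ID, name, exact date of birth) are dropped, and what remains is coarsened into the buckets the post says it is happy to share. The field names, the city-to-region table, the age buckets and the sample profile are all assumptions constructed for the example.

```python
"""Added example: generalising a raw social-network profile into coarse,
non-identifying demographics. Bucket boundaries and field names are assumed."""

from datetime import date

# Fields that on their own (or together with a region) single out one person.
DIRECT_IDENTIFIERS = {"id", "name", "first_name", "last_name", "birthday", "email"}

AGE_BUCKETS = [(0, 17, "under 18"), (18, 24, "18-24"), (25, 34, "25-34"),
               (35, 44, "35-44"), (45, 54, "45-54"), (55, 64, "55-64"),
               (65, 200, "65+")]

# Assumed city -> region table; a real system would use a gazetteer, or IP
# geolocation at country/region granularity, and never keep the exact city.
CITY_TO_REGION = {"Brooklyn, NY": "US-NY", "Austin, TX": "US-TX", "Berlin": "DE-BE"}

# Fixed "today" so the worked output is reproducible.
REFERENCE_DATE = date(2011, 1, 1)


def age_range(birthday, today):
    """Bucket a date of birth into a range; the exact date is never retained."""
    age = today.year - birthday.year
    if (today.month, today.day) < (birthday.month, birthday.day):
        age -= 1
    for lo, hi, label in AGE_BUCKETS:
        if lo <= age <= hi:
            return label
    return "unknown"


def goldilocks_profile(raw, today=None):
    """Return the coarse, non-identifying view of `raw`.

    `raw` mimics a 'basic information' plus extended-permissions response
    (constructed for this example). Identifier fields are simply never copied."""
    today = today or date.today()
    out = {}
    if "birthday" in raw:
        out["age_range"] = age_range(raw["birthday"], today)
    if "location" in raw:
        out["region"] = CITY_TO_REGION.get(raw["location"], "unknown")
    if "gender" in raw:
        out["gender"] = raw["gender"]
    if "timezone" in raw:
        out["timezone"] = raw["timezone"]
    if "work" in raw:
        # Keep the industry, drop the employer: employer plus region is often
        # enough to re-identify someone.
        out["industries"] = sorted({job["industry"] for job in raw["work"]})
    if "likes" in raw:
        # Keep the category of a like, not the specific page.
        out["interest_categories"] = sorted({like["category"] for like in raw["likes"]})
    return out


def leaks_direct_identifier(profile):
    """Sanity check a profile before handing it to a third party."""
    return bool(DIRECT_IDENTIFIERS & set(profile))


# Constructed sample input: what an app might receive after "Allow".
SAMPLE_RAW = {
    "id": "100001234567890",
    "name": "Jane Q. Public",
    "first_name": "Jane",
    "last_name": "Public",
    "birthday": date(1984, 7, 4),
    "gender": "female",
    "location": "Brooklyn, NY",
    "timezone": -5,
    "work": [{"employer": "Acme Widgets", "industry": "Manufacturing"},
             {"employer": "Globex", "industry": "Software"}],
    "likes": [{"name": "Yankees", "category": "Sports team"},
              {"name": "Radiohead", "category": "Musician/band"}],
}

if __name__ == "__main__":
    print(goldilocks_profile(SAMPLE_RAW, today=REFERENCE_DATE))
```

The output still lets the site target "women 25-34 in New York who work in software and follow sports", which is what the ads need, while nothing in it can be joined back to a name, a birthday or a global account ID. Bucket sizes matter: the coarser the buckets, the more people share each combination, and the less a leak of this data can hurt.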
What I don't understand is why this option isn't being explored. Why is it always a choice between "opt all the way in" or "opt all the way out"? Why isn't the FTC investigating Facebook for using "Universal Internet user IDs" instead of 'application-specific user IDs', which would inherently protect user privacy?
The point is, I don't want to opt out; I want to opt in to a better system. Developers could take care of most of the data privacy concerns by working very hard to disassociate individuals from personal identification (aka privacy through anonymity).
This is not a trivial problem but it is (a) a technical problem, (b) way easier than the seemingly ineffable "good privacy" and (c) has a chance of being solved.
This seems like more usable privacy.
One final note. I was originally going to note that clearly "first party" websites like social networking, banking, credit card purchases, insurance, etc. would need to be able to create that "personal link", but really they'd do better to move away from that model and keep transactional data separate from personally identifiable data. For example, single-use credit card numbers or PayPal's limited data sharing. The goal is to keep someone from taking one little piece of information about you (e.g. name) and connecting it to all the other information that exists about you online.
Let's belabor the point. [[ maybe i should break this into two posts? ]]
Unique Personally Identifiable Data Points:
Full Home Address
Date of Birth
An Image of Your Face
Facebook ID (as it links to the above)
Credit Card Numbers
Tracked Geographic Data
Such data should, in general, never be shared without explicit red-flag consent for a legitimate need. Facebook could act as a universal single-sign-on option if it used application-specific user IDs but did not provide the above information as the 'price of admission.'
This would result in a win-win scenario. The user keeps their personal information private while the third-party application or site gains valuable demographic data and can track an individual across sessions. This would not benefit entities that wish to actually target identified individuals personally, but in general we can consider them in league with Dr. Evil.
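The application-specific user ID proposed above is a known technique (OpenID Connect later standardised the same idea as "pairwise" subject identifiers). As an added example, not code from the post and not Facebook's actual scheme, here is how an identity provider can derive a different but stable ID for each app from one global account: an HMAC keyed with a provider-side secret over (app ID, global user ID). The secret key, the app IDs and the user record are constructed for the example.

```python
"""Added example: pairwise (app-specific) user identifiers derived with a
keyed HMAC, so each app gets a stable ID that no other app can correlate."""

import hashlib
import hmac
import secrets


class IdentityProvider:
    def __init__(self, pairwise_key):
        # Server-side secret. With it the provider can still recompute the
        # mapping (e.g. to honour an account deletion across apps); without it
        # nobody can link two apps' IDs, nor recover the global ID from one.
        self._key = pairwise_key

    def app_user_id(self, global_user_id, app_id):
        """The ID that `app_id` sees for this user.

        Length-prefixing each part makes the input to the MAC unambiguous, so
        ("ab", "c") and ("a", "bc") cannot collide."""
        parts = (app_id.encode("utf-8"), global_user_id.encode("utf-8"))
        msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def login_for_app(self, user, app_id):
        """What an app receives at sign-in: the pairwise ID plus coarse
        demographics, and none of the direct identifiers on the account."""
        return {
            "app_user_id": self.app_user_id(user["id"], app_id),
            "age_range": user["age_range"],
            "region": user["region"],
        }


# Constructed account record held by the provider (never sent to apps whole).
CONSTRUCTED_USER = {"id": "100001234567890", "name": "Jane Q. Public",
                    "age_range": "25-34", "region": "US-NY"}


def demo(idp=None):
    """Sign the same user into two assumed apps, then into the first again."""
    idp = idp or IdentityProvider(secrets.token_bytes(32))
    news = idp.login_for_app(CONSTRUCTED_USER, "app.example-news")
    game = idp.login_for_app(CONSTRUCTED_USER, "app.example-game")
    news_again = idp.login_for_app(CONSTRUCTED_USER, "app.example-news")
    return news, game, news_again


if __name__ == "__main__":
    for label, record in zip(("news", "game", "news again"), demo()):
        print(label, record)
```

The news app sees the same `app_user_id` every session, so it can personalise and target across visits; the game app sees a different one, so the two cannot pool what they know about "Jane"; and neither learns the global ID, name or birthday. The key must stay with the provider and be rotated only with a migration plan, because rotating it silently changes every app's view of every user.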
Why in league with Dr. Evil?
By sterilizing individuals on the Internet and turning them into anonymous entities we can avoid many of the dangers inherent in information sharing.
What are the dangers?
Well, we can divide it into three rough categories:
1. Embarrassing: So your parents see you ________.
2. Economic: So your boss sees you ________.
3. Endangering: So the cops see you _________.