Forgot your password?
typodupeerror
Privacy Advertising Government Your Rights Online

Online Ads, Privacy Remain In FTC Crosshairs 95

Posted by samzenpus
from the tracking-is-the-governments-job dept.
AC95 writes "The FTC wants to give users a browser-based tool for opting out of online behavioral tracking, a proposal that has privacy advocates cheering and online advertisers up in arms. A key issue, says FTC attorney Loretta Garrison, is that while most consumers know they're tracked online, they don't fully appreciate how much information is collected. Tim O'Reilly, founder and CEO of O'Reilly Media, worries about knee-jerk legislation criminalizing mistakes that are an inherent part of applying any new technology."
This discussion has been archived. No new comments can be posted.

Online Ads, Privacy Remain In FTC Crosshairs

Comments Filter:
  • Mistakes? (Score:4, Insightful)

    by Serenissima (1210562) on Wednesday September 08, 2010 @06:13PM (#33515094)
    Really Tim O'Reilly? Maybe criminalizing mistakes that affect the identity of citizens MIGHT make you more aware so those mistakes don't happen again.
    • Re: (Score:3, Informative)

      by Andorin (1624303)

      Troll mod? Really? The parent is 100% correct. I certainly wouldn't sleep as well at night if I knew that a business that fucked up with any personal data they had on me could get away with it by calling it a "mistake."

    • by Jawnn (445279)
      What he said...
      Look, Tim. I'm all for the industry being able to track behavior and make money off of it, as long as the users are fully and completely informed of the terms of the agreement. The ads pay for much of the content that we get for free, I understand that, but you have to treat the users, your partners in that revenue stream with a hell of a lot more respect and consideration than we have seen to date. The sneakiness with which you have been doing this only confirms what the FTC is suggesting
  • You can stop trackers if you use Firefox. I use Ghostery but you could also use No script and block everything.
    • by similar_name (1164087) on Wednesday September 08, 2010 @06:56PM (#33515364)
      What about tracking the IP? I use Linux and my roommate uses Windows. I have had to search for drivers and technical information many many times for Linux. One weekend I reinstalled Windows for my roommate. On a fresh install under Windows I began to search for drivers. Google's results kept taking me to sites for Linux drivers.
    • Isn't that what AdBlock Plus [mozilla.org] is for?
    • Re: (Score:2, Insightful)

      by sexconker (1179573)

      You can stop trackers if you use Firefox. I use Ghostery but you could also use No script and block everything.

      Unfortunately, people want sites to function.
      Standard practice with No Script is:

      10: Notice blocked items
      20: Click No Script icon
      30: Click "Temporarily allow all this page"
      40: If page works, GOTO 60
      50: GOTO 10
      60: Success

    • I'd use noscript but I want the internet to work. Seriously, I like protection and stuff but that thing is overkill. blacklist-based ad blockers are a million times better and a billion times less annoying.
      Plus, don't you think that the people wise enough to use this opt out option are also the type that never ever ever read or click on anything in a web ad anywhere ever? And the people too lazy or gnerally unwise or lacking internet knowledge are the types that click on ads all the time. So what do th
      • I'd use noscript but I want the internet to work. Seriously, I like protection and stuff but that thing is overkill. blacklist-based ad blockers are a million times better and a billion times less annoying.

        I use noscript because I want my machine to keep working. The time cost of allowing specific sites as needed is more than offset by the time savings in general internet speed and not dealing with the ramifications of getting nailed by the latest drive by rootkit.

        I fully understand that this is less of an issue in Linux and Mac environments, but I still primarily live in a Windows world. Firefox and NoScript is (imo) a no brainer there.

  • An orgy of data (Score:5, Interesting)

    by Itninja (937614) on Wednesday September 08, 2010 @06:38PM (#33515236) Homepage
    If you can't fight it, exploit it. I have actually gotten some pretty cool (free) stuff by misrepresenting myself to various sites online (up to the legal limit, of course).Everything from free Amazon gift cards, to free electronics. I even got a free mobile phone (with service paid for 6 months) once because I claimed I had a business with over 100 employees and that I made over $100K yearly (that was back in 1998 when phones were pricier and I only made about 1/3 of that). Free magazine subscriptions, free enterprise web hosting, free lawnmowers, it's all there for the taking for those willing to game the game.
    • by TubeSteak (669689)

      If you can't fight it, exploit it. I have actually gotten some pretty cool (free) stuff by misrepresenting myself to various sites online (up to the legal limit, of course).

      There is no legal limit.
      Theft by fraud is still theft even if they're giving things away for free.
      Try googling for Theft by deception [google.com] to read various State laws.

      • by Itninja (937614)
        According to the US Law definition, what I do is not theft and is not fraud. All I do it lie to marketing companies and get (completely unsolicited) giveaways from them; sometimes expensive ones. The ToD laws always specifically indicate something like this: "The term 'deception' does not include falsity...or statements unlikely to deceive ordinary persons in the group addressed". Those are the kind of statements I make. I never portray the info as if it were legit; only an automated and brainless process
  • by Jane Q. Public (1010737) on Wednesday September 08, 2010 @06:39PM (#33515248)
    Opt-out is better than nothing, but it's a pansy-assed attempt to keep industry "involved". Opt-in is really the only logical solution to privacy issues.
    • by hedwards (940851)
      Which the industry hates because most people would never know to opt-in, or really opt-out. Meaning that if it's opt out that's the status quo for most people.
    • Opt-out is better than nothing, but it's a pansy-assed attempt to keep industry "involved". Opt-in is really the only logical solution to privacy issues.

      I'm a big proponent of "opt-away" myself.

      I don't like giving information out, so I minimize it. If some site wants to track me in some non-trivial way, I stop using the site.

      • Re: (Score:3, Insightful)

        by compro01 (777531)

        If some site wants to track me in some non-trivial way, I stop using the site.

        And when it becomes "industry standard", what then?

        • by TubeSteak (669689)

          And when it becomes "industry standard", what then?

          Which is pretty much what DoubleClick and Google Analytics have become.
          They are everywhere

        • by rts008 (812749)

          If some site wants to track me in some non-trivial way, I stop using the site.

          And when it becomes "industry standard", what then?

          Then I/we[1] will continue to use Firefox* with the 'better privacy, noscript, and adblock+ extensions(for some,also throw in flashblock); they are your friend!
          *(or something similar: Opera, Chrome or Chromium, Iceweasel, Konqueror, etc., that have equivalent capabilities)

          When that doesn't work, or 'breaks' most of the internet, then we'll go back to pre-internet PC[2] usage...but I doubt it would come to that.
          There are too many examples in the whole of hum

  • Very Muddy Waters (Score:5, Insightful)

    by Swanktastic (109747) on Wednesday September 08, 2010 @06:44PM (#33515270)

    It's hard to be objective about whether to want to protect my privacy or not given I have zero idea of what Google's profile of me looks like. I imagine everyone has some threshold level where they say "Enough is enough, I'm not willing to sacrifice THAT info for free services." I would guess we all probably fall into two camps- either dramatically underestimating or dramatically overestimating the level of information stored in the profile. Without better specifics in the hands of the populace about the level of personal details, it doesn't seem to me that a fair level of regulation can possibly be drafted by public officials.

    • Re: (Score:3, Interesting)

      by Kirijini (214824)

      I would guess we all probably fall into two camps- either dramatically underestimating or dramatically overestimating the level of information stored in the profile. Without better specifics in the hands of the populace about the level of personal details, it doesn't seem to me that a fair level of regulation can possibly be drafted by public officials.

      Yes.

      An easy regulation that doesn't require google or other online businesses to change their business model (much) would be to simply require them to release all collected data on a user to that user on request (while also making sure that the information is provided securely and confidentially). Attach some kind of civil (rather than criminal, which would probably go to far) penalty, and allow users to sue, either as a class action, or individually. This scheme wouldn't prevent Google from collecting da

      • require them to release all collected data on a user to that user on request (while also making sure that the information is provided securely and confidentially)

        I believe I understand the theoretical basis of your proposal, which seems to be that consumers require perfect information to make correct decisions. That seems reasonable.

        However, businesses like Google typically have policies forbidding the release of any information to anyone outside the company, with some exceptions. What's more, most user information is probably already somewhat anonymized (For example, there's no need to store specific user information when calculating term frequencies or click

      • That's a start - but it could be better.

        Require any company that does tracking to provide an application to any user which lists ALL information in the profile with a simple button that can delete any entry from it - and a delete all button as well.

        This requires all of an hour's coding and one SQL statement in the background. It lets users choose what is tracked and trackable and clear any information they don't want tracked.

        Then: some kind of system to prevent at least some deleted entries from being retra

    • Re: (Score:1, Informative)

      by Anonymous Coward

      I would guess we all probably fall into two camps- either dramatically underestimating or dramatically overestimating the level of information stored in the profile.

      There's a lot of data stored, but I imagine it would be completely uninteresting to look at. You can see a summary of it here: https://www.google.com/dashboard/ [google.com]

      Google looks at all sorts of information about you personally, but when it comes down to it, it all just ends up as a bunch of meaningless (except to computers) numbers used to classify your preferences so they can show you better search results, or ads which you'll like better than non-targeted ads (and if you like them better, you're more likel

    • Re: (Score:1, Informative)

      by Anonymous Coward

      It's hard to be objective about whether to want to protect my privacy or not given I have zero idea of what Google's profile of me looks like.

      You might want to look at Google Ads Preferences: http://www.google.com/ads/preferences/

      It gives you insight into your profile, lets you opt out, and also provides a browser-based tool to allow that opt-out to persist after you clear your cookies.

    • by ginsudo (1897010)
      check out Bynamite - shows you what advertisers think you like - http://bynamite.com/ [bynamite.com]
  • by lavagolemking (1352431) on Wednesday September 08, 2010 @06:48PM (#33515300)
    Advertisers didn't like the idea of a do-not-call list to restrict telemarketers from calling/harassing consumers who didn't want to be bothered either, but people are still pretty happy with it. Now advertising companies are collecting (and even selling) a lot of personal data about consumers who don't even know such data exists, and advertisers are upset that the government might give them a way to opt out of their system. How is this any different? Also, I know this isn't how things are done in Washington, but in a democracy shouldn't the government be answering to its concerned citizens instead of just focusing on what makes things easy/profitable/convenient/one-sided for large corporations?
  • by ynohoo (234463) on Wednesday September 08, 2010 @06:58PM (#33515372) Homepage Journal
    I only accept cookies from sites I trust. Yes this sometimes causes problems on untrusted sites - which gives me further reason to not trust them! If a web designer does not anticipate "no cookie" users, their intention is to give your privacy a good shafting.
  • I'm not sure what that means in this context.

    If I tell you not to put any cookies on my machine, then DON'T.

    And don't sneak around to other websites to find my IP address, either.

    Just forget I ever visit more than one site.

    No mistake about that.

  • by speedlaw (878924) on Wednesday September 08, 2010 @07:11PM (#33515456) Homepage
    I got a taste of this when I went looking online for vacations. I saw "club med" ads on every page I went to for a good two weeks. It got really creepy after a while. I went away but NOT to Club Med.
  • I'm all for the FTC cracking down on online advertising and tracking. Who are we kidding though? Have you seen some of the stuff that happens offline? Has anyone taken a look at what Nielsen is up to? They have insane levels of demographic data available on EVERYONE. Every single one of us has already been pigeon holed and stereotyped based on our buying habits, where we live, what kind of car we drive, etc.

    Take a look at this.

    http://en-us.nielsen.com/content/nielsen/en_us/product_families/nielsen_clar [nielsen.com]

  • by scdeimos (632778) on Wednesday September 08, 2010 @07:36PM (#33515646)

    I'm all for the FTC/government cracking down on behavioural tracking, but how would such a system work and how could it even be policed?

    In the case of the Do-Not-Call system:

    • Individuals must register their telephone number with the government (in Australia, at least, you have to repeat this registration every 12 months)
    • The government then exports the list to the advertisers/marketers on a regular basis.
    • Advertisers/marketers are expected to integrate the list with their systems and honour its content.
    • If advertisers/marketers call a number on the Do-Not-Call list it's still up to the individual to complain to the government about it, and the government is expected to pounce on the advertiser/marketer if the number was registered more than 30 days ago.

    How would such a system translate to the web? (And I say the web as opposed to the internet as a whole, since the web seems to be where the battlefront is at the moment.)

    Possiblities:

    • Individuals have to register their IP addresses: fails because of dynamic IP address assignment at most ISP's.
    • Individuals have to create a special Cookie: fails because Cookies are only sent to their origin domain - you can't set one for *.com, *.edu, etc.
    • Special "X-Do-Not-Track: Yes" HTTP header: this could work but may be stripped by certain proxy servers enroute, rendering it useless. All browsers would have to be updated to include a UI preference that turns this on and off as well.

    What about enforcement? How can you tell if someone is tracking you? How can you provably report it to the government so that they can do something about it?

    Unfortunately it sounds like a bit of a pipe dream to me.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      It's so simple: no cross-site anything, period, all content displayed must be local to that site only.

      That means no cross-site CSS, no clear gifs/beacons from any other site, scripts cannot pull any content from other sites, if a domain owner has ownership over more than one domain then their site on one domain cannot pull content from another of their domains. Whatever else, if it comes from another site it must be clearly linked to that site, but that content cannot be pulled, included, or otherwise force

    • Unfortunately it sounds like a bit of a pipe dream to me.

      Unfortunately, it's far worse than that. We've all heard the phrase "When they outlaw xxxx, only outlaws will have xxxx". And of course, that exact logic applies here. Even once yahoo and google spend millions to comply with whatever craptastic regulation Washington makes, all the non-legit sites will continue to do whatever they feel like doing, and the average individual browsing the web will be just vulnerable as before.

      For people concerned with

      • by drcheap (1897540)

        The only way to really protect yourself is to learn how tracking systems work, and implement your own safety. In this case, it's pretty easy, just turn off cookies...lol.

        Yes, just turn them off, breaking legit functionality of many sites you frequent.

        It's okay though, because your healthy, no-cookie diet still won't make you thin because there is the cake that is being secretly injected right into your stomach [arstechnica.com] .

  • This is the least of my privacy concerns on the internet. Seeing ads for things I'm interested in is better than seeing ads for things I'm not interested in, right?

    I'd certainly change my mind in some unspeakable horror was revealed, but my default stance is not to hang too much importance on it.
    • by Sarten-X (1102295)

      Not alone at all. So what if the advertisers track me? If I'm doing something I don't want to be connected to me, I can use Tor and a different browser, and consider myself sufficiently clear. Any ties to my normal habits will be sufficiently remote to not greatly affect my normal experience.

      I, for one, welcome tracking and targeted advertising. As a true example, I recently realized that an uncomfortable number of my family games ended in arguments because of certain players screwing over other certain pla

    • Re: (Score:3, Interesting)

      by jpapon (1877296)
      I agree completely. Besides, it's just a good practice to assume that anything you do involving the interwebz is tracked and stored. If I'm up to shenanigans, or I need my activities to be secure, I make sure they're anonymous/secure to the best of my abilities. The Internet is a public arena, I find the claim that you should be anonymous all the time dubious at best. Besides, from my experience, anonymity tends to bring out the worst in people.
  • As long as individuals have the same right to spy as companies I have no issue at all with data collection. It is only when government of groups with privilege have powers that the public does not that there is a problem.

  • by CodeBuster (516420) on Wednesday September 08, 2010 @09:14PM (#33516284)
    I use and recommend Adblock Plus [mozilla.org], Better Privacy [mozilla.org], CustomizeGoogle [mozilla.org], Flashblock [mozilla.org], NoScript [mozilla.org] and RequestPolicy [mozilla.org]. This combination allows for extraordinarily fine grained control over what sort of information is tracked from session to session. Now, if you log into a site using an account controlled by that site then they are going to track some clicks regardless of what addons are used, but if you are logging in with a named account then you probably already knew that.
    • by arkenian (1560563)

      but if you are logging in with a named account then you probably already knew that.

      Which is an interesting point. As the web has more and more 'big players' how often are people 'logged in' without really paying attention to the fact because they're logged in for a different function and forget that the two functions are connected?

      I'm embarassed to admit that I'd forgotten how often I'm logged into gmail in another tab while using google search...

      • I'm embarassed to admit that I'd forgotten how often I'm logged into gmail in another tab while using google search...

        The precise source of said embarrassment is left up to the imagination of the reader...

    • by whitesea (1811570)

      I use and recommend Adblock Plus [mozilla.org], Better Privacy [mozilla.org], CustomizeGoogle [mozilla.org], Flashblock [mozilla.org], NoScript [mozilla.org] and RequestPolicy [mozilla.org]. This combination allows for extraordinarily fine grained control over what sort of information is tracked from session to session. Now, if you log into a site using an account controlled by that site then they are going to track some clicks regardless of what addons are used, but if you are logging in with a named account then you probably already knew that.

      I also use TACO. Why do we need government action, when all the tools are already here?

    • Another useful tool is ghostery http://www.ghostery.com/ [ghostery.com]
    • by assantisz (881107)
      I am confused about the FTC requiring opt-out tools. They already exist. You can go to the Network Advertising Initiative's website [networkadvertising.org] and opt-out. Sure, only members of this organization will recognize the opt-out cookie but most advertising and tracking services are members of the NAI. Then there are tools as OP mentioned. I'd like to add Bynamite [bynamite.com] as well.

You don't have to know how the computer works, just how to work the computer.

Working...