Online Ads, Privacy Remain In FTC Crosshairs

AC95 writes "The FTC wants to give users a browser-based tool for opting out of online behavioral tracking, a proposal that has privacy advocates cheering and online advertisers up in arms. A key issue, says FTC attorney Loretta Garrison, is that while most consumers know they're tracked online, they don't fully appreciate how much information is collected. Tim O'Reilly, founder and CEO of O'Reilly Media, worries about knee-jerk legislation criminalizing mistakes that are an inherent part of applying any new technology."

Re:blast

[DJRumpy]

Google is a data miner. Although I know they collect information, I also use their services for free. I understand it's a trade of services for something of value, so I'm not totally opposed to it, although it does give me pause when I use google to search and I have a google account. Although it's easy to claim they don't tie my account info to my searches, It would be a goldmine (literally) if they did so. I find it hard to believe they aren't collecting more than I'm aware of. I applaud this intent by the FTC. After all, Google will still have billions who never install such a plugin, or turn such a feature to exclude them from data mining on in their browser.

I don't want no stinking toolbar to help me out... F those data miners!

Re:

[hedwards]

Indeed, it really depends on how it's being done. It's one thing to restrict such monitoring to the time that you're on their site, and possibly where you go via links and how you get there, but going any further than that is dubious at best. As far as I'm concerned it's fair game for them to mine their own site, provided of course that there's adequate warning and an option to opt out, presumably leaving the site.

Re:blast

[Jane Q. Public]

Wrong! You are confusing just plain advertising with "behavior tracking".

I have no problem with advertising, Google's or anyone else's. You can still visit websites that advertise. It's the TRACKING that is at issue here.

It's not either/or. Companies can (and have for hundreds of years now) advertise without user tracking. Besides, poll after poll have shown that most people do not want "targeted" advertising anyway!

Re:

[DJRumpy]

That is my point. If Google ties my searches to targeted advertising, then it's a form of data mining being sold for-profit to advertisers interested in what I'm interested in. I actually don't mind targeted ads as I simply block all of them anyway, but I do have privacy concerns that at some point they may tie my search to the 'ME' identity of my iGoogle account.

Wrong! You are confusing just plain advertising with "behavior tracking".

Re:

[beakerMeep]

I think there is also a distinction made between targeting via aggregate groups, ie "those that have visited gaming sites" versus keeping perpetual specific data on an individual. Google *I think* leans more towards the aggregate, but the more ways you think of to target, the more specific info you will want to see, so that you can determine if the person matches the aggregate target. This is why retention plays a big role in Google's privacy policies.

Still, I'm sure they gobble a ton of data, and I k

Re:

[digitig]

If most people don't want any advertising then most people don't want targeted advertising.

And you do realise that it's because they've identified you as a techie that they're targeting you with all those viagra ads, don't you?

Re:

[Jane Q. Public]

To clarify, this is what I meant was "wrong":

"I understand it's a trade of services for something of value, so I'm not totally opposed to it"

Trading service for advertising is one thing. Trading service for privacy is quite another.

Re:

[tomhudson]

Trading service for advertising is one thing. Trading service for privacy is quite another.

I'd go further, Trading service for invasion of privacy is quite another.

There's a concept called "anonymity of the crowd" - that you have a reasonable expectation to be able to just blend into the crowd in public. Nobody has a right to start following you around and tracking what you're doing just because you're in public - we call it "stalking." So why should it be tolerated on the Internet?

The worst part is t

Re:

[vux984]

Google is a data miner. Although I know they collect information, I also use their services for free.

Their search service and their map service are the only services I use. I am presented their sponsored links in exchange for both. They don't require more than that.

Although it's easy to claim they don't tie my account info to my searches,

Where did they ever claim that? I fully expect they can and do tie your account to your web searches to whatever browsing information their ad tracking cookies report back

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[DJRumpy]

It's in the Google privacy policy:

When you search at Google, information is recorded along with the search conducted, such as the time of day, browser type you used, your internet address and an anonymous user ID provided by our cookie.

Personal information, such as your name or email address, is not recorded. Google does not require such information to be provided in order to search the web. It may be collected if you use other Google services, such as Google Groups. However, no personal information collect

Re:

[vux984]

This is the privacy policy I see for Google.

http://www.google.ca/intl/en/privacypolicy.html [google.ca]

The quotes you provided are NOT in it. And it says things that weasel around those quotes if you ask me. Please clarify.

My concern is one day they may start linking my Google accounts to my searches such as my iGoogle account.

Its called "Personalized Search" or "Web History" its been around for years. Not too long ago they expanded it to make it an opt-out service, instead of opt-in... you probably already 'use it'. O

Re:

[DJRumpy]

I wasn't aware they had updated the policy. I just opted back out of the web history and deleted any existing history that was there. This is exactly the sort of thing I don't want to participate in.

If anyone else is curious, you can find out how here:

http://www.google.ca/support/accounts/bin/answer.py?hl=en&answer=54052 [google.ca]

Re:

[sexconker]

Although it's easy to claim they don't tie my account info to my searches, It would be a goldmine (literally) if they did so.

Literally.

Re:

[rHBa]

Didn't you know that if you tie enough Google accounts to searches in really tight latices you can make a great pan that will sift gold like no other...

Re:

[kelltic]

Oh hell no, Google rapes you every which way from Sunday! And they want more! Just wait for the Verizon Google gaggle to gain momentum. Seriously people, how deep does a d!ck need to be in your arse before you can feel it? Quit bending over so easily for the likes of Google and wake up!

Re:

[mrchaotica]

Although it's easy to claim they don't tie my account info to my searches, It would be a goldmine (literally) if they did so.

You keep using that word. I do not think it means what you think it means.

Re:

[StripedCow]

they should do just the opposite...

then watch how fast people will switch to privacy-secure technology

Mistakes?

[Serenissima]

Really Tim O'Reilly? Maybe criminalizing mistakes that affect the identity of citizens MIGHT make you more aware so those mistakes don't happen again.

Re:

[Andorin]

Troll mod? Really? The parent is 100% correct. I certainly wouldn't sleep as well at night if I knew that a business that fucked up with any personal data they had on me could get away with it by calling it a "mistake."

Re:

[Jawnn]

What he said...
Look, Tim. I'm all for the industry being able to track behavior and make money off of it, as long as the users are fully and completely informed of the terms of the agreement. The ads pay for much of the content that we get for free, I understand that, but you have to treat the users, your partners in that revenue stream with a hell of a lot more respect and consideration than we have seen to date. The sneakiness with which you have been doing this only confirms what the FTC is suggesting

With the right addon...

[Danieljury3]

You can stop trackers if you use Firefox. I use Ghostery but you could also use No script and block everything.

Re:With the right addon...

[similar_name]

What about tracking the IP? I use Linux and my roommate uses Windows. I have had to search for drivers and technical information many many times for Linux. One weekend I reinstalled Windows for my roommate. On a fresh install under Windows I began to search for drivers. Google's results kept taking me to sites for Linux drivers.

Re:

[lavagolemking]

Isn't that what AdBlock Plus [mozilla.org] is for?

Re:

[sexconker]

You can stop trackers if you use Firefox. I use Ghostery but you could also use No script and block everything.

Unfortunately, people want sites to function.
Standard practice with No Script is:

10: Notice blocked items
20: Click No Script icon
30: Click "Temporarily allow all this page"
40: If page works, GOTO 60
50: GOTO 10
60: Success

Re:

[the_womble]

Most pages work OK.

Depends what sort of sites you visit.

Re:

[ILuvRamen]

I'd use noscript but I want the internet to work. Seriously, I like protection and stuff but that thing is overkill. blacklist-based ad blockers are a million times better and a billion times less annoying.
Plus, don't you think that the people wise enough to use this opt out option are also the type that never ever ever read or click on anything in a web ad anywhere ever? And the people too lazy or gnerally unwise or lacking internet knowledge are the types that click on ads all the time. So what do th

Re:

[RandomFactor]

I'd use noscript but I want the internet to work. Seriously, I like protection and stuff but that thing is overkill. blacklist-based ad blockers are a million times better and a billion times less annoying.

I use noscript because I want my machine to keep working. The time cost of allowing specific sites as needed is more than offset by the time savings in general internet speed and not dealing with the ramifications of getting nailed by the latest drive by rootkit.

I fully understand that this is less of an issue in Linux and Mac environments, but I still primarily live in a Windows world. Firefox and NoScript is (imo) a no brainer there.

Re:

[improfane]

Highly recommend RequestPolicy.

An orgy of data

[Itninja]

If you can't fight it, exploit it. I have actually gotten some pretty cool (free) stuff by misrepresenting myself to various sites online (up to the legal limit, of course).Everything from free Amazon gift cards, to free electronics. I even got a free mobile phone (with service paid for 6 months) once because I claimed I had a business with over 100 employees and that I made over $100K yearly (that was back in 1998 when phones were pricier and I only made about 1/3 of that). Free magazine subscriptions, free enterprise web hosting, free lawnmowers, it's all there for the taking for those willing to game the game.

Re:

[bipbop]

Hey, I've got lots of domains, and I never get offers for $100 of free stamps. What's your secret, CEO of Mike Inc.? ;-)

Re:

[TubeSteak]

If you can't fight it, exploit it. I have actually gotten some pretty cool (free) stuff by misrepresenting myself to various sites online (up to the legal limit, of course).

There is no legal limit.
Theft by fraud is still theft even if they're giving things away for free.
Try googling for Theft by deception [google.com] to read various State laws.

Re:

[Itninja]

According to the US Law definition, what I do is not theft and is not fraud. All I do it lie to marketing companies and get (completely unsolicited) giveaways from them; sometimes expensive ones. The ToD laws always specifically indicate something like this: "The term 'deception' does not include falsity...or statements unlikely to deceive ordinary persons in the group addressed". Those are the kind of statements I make. I never portray the info as if it were legit; only an automated and brainless process

Opt-out is a cop-out!

[Jane Q. Public]

Opt-out is better than nothing, but it's a pansy-assed attempt to keep industry "involved". Opt-in is really the only logical solution to privacy issues.

Re:

[hedwards]

Which the industry hates because most people would never know to opt-in, or really opt-out. Meaning that if it's opt out that's the status quo for most people.

Re:

[blair1q]

There's a solution for that:

http://slashdot.org/comments.pl?sid=1776316&cid=33469174 [slashdot.org]

Re:

[sexconker]

Opt-out is better than nothing, but it's a pansy-assed attempt to keep industry "involved". Opt-in is really the only logical solution to privacy issues.

I'm a big proponent of "opt-away" myself.

I don't like giving information out, so I minimize it. If some site wants to track me in some non-trivial way, I stop using the site.

Re:

[compro01]

If some site wants to track me in some non-trivial way, I stop using the site.

And when it becomes "industry standard", what then?

Re:

[TubeSteak]

And when it becomes "industry standard", what then?

Which is pretty much what DoubleClick and Google Analytics have become.
They are everywhere

Re:

[maxwell demon]

Then stop "using" them. Just block any access to those sites. Their domains are easy enough to detect.

Re:

[rts008]

If some site wants to track me in some non-trivial way, I stop using the site.

And when it becomes "industry standard", what then?

Then I/we[1] will continue to use Firefox* with the 'better privacy, noscript, and adblock+ extensions(for some,also throw in flashblock); they are your friend!
*(or something similar: Opera, Chrome or Chromium, Iceweasel, Konqueror, etc., that have equivalent capabilities)

When that doesn't work, or 'breaks' most of the internet, then we'll go back to pre-internet PC[2] usage...but I doubt it would come to that.
There are too many examples in the whole of hum

Very Muddy Waters

[Swanktastic]

It's hard to be objective about whether to want to protect my privacy or not given I have zero idea of what Google's profile of me looks like. I imagine everyone has some threshold level where they say "Enough is enough, I'm not willing to sacrifice THAT info for free services." I would guess we all probably fall into two camps- either dramatically underestimating or dramatically overestimating the level of information stored in the profile. Without better specifics in the hands of the populace about the level of personal details, it doesn't seem to me that a fair level of regulation can possibly be drafted by public officials.

Re:

[Kirijini]

I would guess we all probably fall into two camps- either dramatically underestimating or dramatically overestimating the level of information stored in the profile. Without better specifics in the hands of the populace about the level of personal details, it doesn't seem to me that a fair level of regulation can possibly be drafted by public officials.

Yes.

An easy regulation that doesn't require google or other online businesses to change their business model (much) would be to simply require them to release all collected data on a user to that user on request (while also making sure that the information is provided securely and confidentially). Attach some kind of civil (rather than criminal, which would probably go to far) penalty, and allow users to sue, either as a class action, or individually. This scheme wouldn't prevent Google from collecting da

Re:

[kumanopuusan]

require them to release all collected data on a user to that user on request (while also making sure that the information is provided securely and confidentially)

I believe I understand the theoretical basis of your proposal, which seems to be that consumers require perfect information to make correct decisions. That seems reasonable.

However, businesses like Google typically have policies forbidding the release of any information to anyone outside the company, with some exceptions. What's more, most user information is probably already somewhat anonymized (For example, there's no need to store specific user information when calculating term frequencies or click

Re:

[silentcoder]

That's a start - but it could be better.

Require any company that does tracking to provide an application to any user which lists ALL information in the profile with a simple button that can delete any entry from it - and a delete all button as well.

This requires all of an hour's coding and one SQL statement in the background. It lets users choose what is tracked and trackable and clear any information they don't want tracked.

Then: some kind of system to prevent at least some deleted entries from being retra

Re:

[Anonymous Coward]

I would guess we all probably fall into two camps- either dramatically underestimating or dramatically overestimating the level of information stored in the profile.

There's a lot of data stored, but I imagine it would be completely uninteresting to look at. You can see a summary of it here: https://www.google.com/dashboard/ [google.com]

Google looks at all sorts of information about you personally, but when it comes down to it, it all just ends up as a bunch of meaningless (except to computers) numbers used to classify your preferences so they can show you better search results, or ads which you'll like better than non-targeted ads (and if you like them better, you're more likel

Re:

[Anonymous Coward]

It's hard to be objective about whether to want to protect my privacy or not given I have zero idea of what Google's profile of me looks like.

You might want to look at Google Ads Preferences: http://www.google.com/ads/preferences/

It gives you insight into your profile, lets you opt out, and also provides a browser-based tool to allow that opt-out to persist after you clear your cookies.

Re:

[ginsudo]

check out Bynamite - shows you what advertisers think you like - http://bynamite.com/ [bynamite.com]

How's this different from a do-not-call list?

[lavagolemking]

Advertisers didn't like the idea of a do-not-call list to restrict telemarketers from calling/harassing consumers who didn't want to be bothered either, but people are still pretty happy with it. Now advertising companies are collecting (and even selling) a lot of personal data about consumers who don't even know such data exists, and advertisers are upset that the government might give them a way to opt out of their system. How is this any different? Also, I know this isn't how things are done in Washington, but in a democracy shouldn't the government be answering to its concerned citizens instead of just focusing on what makes things easy/profitable/convenient/one-sided for large corporations?

Re:

[Wingman 5]

Actually for some state, county, and city laws they are passed democratically for a famous example see http://en.wikipedia.org/wiki/California_Proposition_8_(2008) [wikipedia.org]

Re:

[Sulphur]

If by taking up arms you mean voting them out.

Re:

[theaceoffire]

My older employer loved it.

They were telemarketers... technically "Non-Profit", although 95% of the donated money went to overhead.

^_^ And yes, we are allowed to call the Do Not Call List.

//Would not be surprised if that is where we get our call list

Don't accept cookies?

[ynohoo]

I only accept cookies from sites I trust. Yes this sometimes causes problems on untrusted sites - which gives me further reason to not trust them! If a web designer does not anticipate "no cookie" users, their intention is to give your privacy a good shafting.

Criminalizing mistakes

[blair1q]

I'm not sure what that means in this context.

If I tell you not to put any cookies on my machine, then DON'T.

And don't sneak around to other websites to find my IP address, either.

Just forget I ever visit more than one site.

No mistake about that.

Stop Following Me Around, Club Med

[speedlaw]

I got a taste of this when I went looking online for vacations. I saw "club med" ads on every page I went to for a good two weeks. It got really creepy after a while. I went away but NOT to Club Med.

Re:

[pedantic bore]

Hmm. Swedish fish have been following me around for a week or so.

What about OFFLINE advertising?

[dave562]

I'm all for the FTC cracking down on online advertising and tracking. Who are we kidding though? Have you seen some of the stuff that happens offline? Has anyone taken a look at what Nielsen is up to? They have insane levels of demographic data available on EVERYONE. Every single one of us has already been pigeon holed and stereotyped based on our buying habits, where we live, what kind of car we drive, etc.

Take a look at this.

http://en-us.nielsen.com/content/nielsen/en_us/product_families/nielsen_clar [nielsen.com]

How would a Do-Not-Track system work?

[scdeimos]

I'm all for the FTC/government cracking down on behavioural tracking, but how would such a system work and how could it even be policed?

In the case of the Do-Not-Call system:

• Individuals must register their telephone number with the government (in Australia, at least, you have to repeat this registration every 12 months)
• The government then exports the list to the advertisers/marketers on a regular basis.
• Advertisers/marketers are expected to integrate the list with their systems and honour its content.
• If advertisers/marketers call a number on the Do-Not-Call list it's still up to the individual to complain to the government about it, and the government is expected to pounce on the advertiser/marketer if the number was registered more than 30 days ago.

How would such a system translate to the web? (And I say the web as opposed to the internet as a whole, since the web seems to be where the battlefront is at the moment.)

Possiblities:

• Individuals have to register their IP addresses: fails because of dynamic IP address assignment at most ISP's.
• Individuals have to create a special Cookie: fails because Cookies are only sent to their origin domain - you can't set one for *.com, *.edu, etc.
• Special "X-Do-Not-Track: Yes" HTTP header: this could work but may be stripped by certain proxy servers enroute, rendering it useless. All browsers would have to be updated to include a UI preference that turns this on and off as well.

What about enforcement? How can you tell if someone is tracking you? How can you provably report it to the government so that they can do something about it?

Unfortunately it sounds like a bit of a pipe dream to me.

Re:

[Anonymous Coward]

It's so simple: no cross-site anything, period, all content displayed must be local to that site only.

That means no cross-site CSS, no clear gifs/beacons from any other site, scripts cannot pull any content from other sites, if a domain owner has ownership over more than one domain then their site on one domain cannot pull content from another of their domains. Whatever else, if it comes from another site it must be clearly linked to that site, but that content cannot be pulled, included, or otherwise force

Re:

[uigrad_2000]

Unfortunately it sounds like a bit of a pipe dream to me.

Unfortunately, it's far worse than that. We've all heard the phrase "When they outlaw xxxx, only outlaws will have xxxx". And of course, that exact logic applies here. Even once yahoo and google spend millions to comply with whatever craptastic regulation Washington makes, all the non-legit sites will continue to do whatever they feel like doing, and the average individual browsing the web will be just vulnerable as before.

For people concerned with

Re:

[drcheap]

The only way to really protect yourself is to learn how tracking systems work, and implement your own safety. In this case, it's pretty easy, just turn off cookies...lol.

Yes, just turn them off, breaking legit functionality of many sites you frequent.

It's okay though, because your healthy, no-cookie diet still won't make you thin because there is the cake that is being secretly injected right into your stomach [arstechnica.com] .

Am I alone when I say I don't mind it?

[mykos]

This is the least of my privacy concerns on the internet. Seeing ads for things I'm interested in is better than seeing ads for things I'm not interested in, right?

I'd certainly change my mind in some unspeakable horror was revealed, but my default stance is not to hang too much importance on it.

Re:

[Sarten-X]

Not alone at all. So what if the advertisers track me? If I'm doing something I don't want to be connected to me, I can use Tor and a different browser, and consider myself sufficiently clear. Any ties to my normal habits will be sufficiently remote to not greatly affect my normal experience.

I, for one, welcome tracking and targeted advertising. As a true example, I recently realized that an uncomfortable number of my family games ended in arguments because of certain players screwing over other certain pla

Re:

[jpapon]

I agree completely. Besides, it's just a good practice to assume that anything you do involving the interwebz is tracked and stored. If I'm up to shenanigans, or I need my activities to be secure, I make sure they're anonymous/secure to the best of my abilities. The Internet is a public arena, I find the claim that you should be anonymous all the time dubious at best. Besides, from my experience, anonymity tends to bring out the worst in people.

Equality

[b4upoo]

As long as individuals have the same right to spy as companies I have no issue at all with data collection. It is only when government of groups with privilege have powers that the public does not that there is a problem.

Firefox Addons Already Provide Customized Blocking

[CodeBuster]

I use and recommend Adblock Plus [mozilla.org], Better Privacy [mozilla.org], CustomizeGoogle [mozilla.org], Flashblock [mozilla.org], NoScript [mozilla.org] and RequestPolicy [mozilla.org]. This combination allows for extraordinarily fine grained control over what sort of information is tracked from session to session. Now, if you log into a site using an account controlled by that site then they are going to track some clicks regardless of what addons are used, but if you are logging in with a named account then you probably already knew that.

Re:

[arkenian]

but if you are logging in with a named account then you probably already knew that.

Which is an interesting point. As the web has more and more 'big players' how often are people 'logged in' without really paying attention to the fact because they're logged in for a different function and forget that the two functions are connected?

I'm embarassed to admit that I'd forgotten how often I'm logged into gmail in another tab while using google search...

Re:

[CodeBuster]

I'm embarassed to admit that I'd forgotten how often I'm logged into gmail in another tab while using google search...

The precise source of said embarrassment is left up to the imagination of the reader...

Re:

[whitesea]

I use and recommend Adblock Plus [mozilla.org], Better Privacy [mozilla.org], CustomizeGoogle [mozilla.org], Flashblock [mozilla.org], NoScript [mozilla.org] and RequestPolicy [mozilla.org]. This combination allows for extraordinarily fine grained control over what sort of information is tracked from session to session. Now, if you log into a site using an account controlled by that site then they are going to track some clicks regardless of what addons are used, but if you are logging in with a named account then you probably already knew that.

I also use TACO. Why do we need government action, when all the tools are already here?

Re:

[Endosynth7]

Another useful tool is ghostery http://www.ghostery.com/ [ghostery.com]

Re:

[assantisz]

I am confused about the FTC requiring opt-out tools. They already exist. You can go to the Network Advertising Initiative's website [networkadvertising.org] and opt-out. Sure, only members of this organization will recognize the opt-out cookie but most advertising and tracking services are members of the NAI. Then there are tools as OP mentioned. I'd like to add Bynamite [bynamite.com] as well.