Privacy is Not an On and Off Switch – "Do Not Track" is Not the Answer

Victoria Salisbury wrote an excellent blog post today on “Who’s Creepier? Facebook or Google?“.  I’ve been intrigued by the hypocrisy over criticism of Facebook’s own very granular privacy controls when sites like Google, Foursquare, Gowalla, Twitter, and others have an all-or-nothing approach with some things (location and email in particular) that are even more private than anything Facebook is currently making available at the moment (if you want some good examples read Kim Cameron’s blog).  The fact is that Facebook, despite the amount of private data available, will always be my last resort as a hacker when I want to track data about an individual online due to the granular control of data available, and lack of default public data.  However, despite all this, even Facebook isn’t at the ideal place right now in terms of privacy. The fact is my private data is still enclosed on Facebook’s servers, and with that, there will always be some level of risk in storing that data, no matter where it is.  So what’s the solution?

Browsers such as Mozilla and Chrome are now beginning to implement “fixes” around this problem of tracking data about users across online services (note my article on how even Wall Street journal is tracking data about users), called “Do not track.”  The extension, or in some cases native browser functionality, seeks to give users the option of completely turning off the ability for sites to track a user around the web, removing any personalization of ads and in some cases the removal of ads completely from the browsing experience.  This experience is fine and dandy – it gives the user an option.  But as my friend Louis Gray puts it, “all it does is ensure off-target ads with a crappy experience.”  It is clear an on and off approach is the wrong approach, and I fear those behind these extensions and browser integrations are missing out on an important opportunity.

So where can we go from here if “Do Not Track” is not the answer?  The answer lies in the problem I stated above – the problem being that individual user information is being stored on 3rd party servers, without the control of users and assumed risk of relying on a 3rd party.  We saw this as Facebook made a temporary mistake earlier in 2010 when they launched Instant Personalization on 3rd party websites along with other 3rd party website features, but in doing so accidentally opened up a majority of their users private information with little notice to users (I did get an email warning of the change, however).  Facebook quickly fixed the privacy problem with even better privacy controls than before, but by that point the damage was done.  It was proof positive that there is huge risk in storing private information on 3rd party websites.  The advice I give to customers and users and news organizations in interviews I give is, “if you’re not okay sharing it with the world, don’t share it at all, regardless of privacy controls.”  It’s an on or off solution at the moment, and I’m afraid there are no better choices.

There is a solution though.  Chrome, and Firefox, and IE, and every browser out there should be working towards this solution.  We need to take the granular controls that sites like Facebook provide, and put them in the browser.

Awhile back I spoke of a vision of mine I call “the Internet with no login button.”  The idea being that using open technologies (we already have Information Cards, for instance), the more private information about users can be stored in the browser, reducing the risk of that information being shared by accident with 3rd party websites.  Rather than something like Facebook Connect (or Graph API), for instance, a browser-driven version of OpenID would control the user authentication process, identify the user with a trusted provider (Facebook, Google, Religious institutions, Government institutions, you choose), and then be able to retrieve private information about individuals directly from the browser itself.

The fact is I already use tools to do some of this.  1Password, for instance, allows me to keep a highly encrypted store of my passwords, credit card, and other data on my hard drive and provide that data, as I choose, to the websites I visit.  A browser-native experience like this would make this process automatic.  I would specify which sites I give permission to have my data – name, address, phone number, email, location data, etc. – and I would also be able to choose what users have access to that data.  I could then choose to store my more public data on services such as Facebook and elsewhere, with the same option to still store it on my own hard drive if I choose.  With such a fine-tuned integration my more private information is completely in my own control.  My browser controls access to the data, not any 3rd party website or developer.

At the same time keys could be given to 3rd party websites to store my data on their servers.  In order to render that data, they need my computer’s permission to render the data.  The solution is not quite evident yet, but some how a trusted, separate service should be able to provide the permissions to render that data, and when that permission is revoked, all data, across all 3rd party websites, becomes disabled.  Or maybe just a few sites become disabled.  The goal being control is completely handled by the user, and no one else.  Maybe sites get disabled by my browser sending a “push” to the sites, forcing their data of mine to delete completely off their servers (or render useless).

Chrome and Mozilla have a huge opportunity here, and it’s not to provide an on or off switch for privacy.  I should be able to decide what information I want to be able to provide to ads displayed to me, and that data shouldn’t come from Facebook, Twitter, or Google.  My browser should be controlling that access and no one else.  Privacy belongs on the client.

I’m afraid “Do Not Track”, in the browser or by government, is no the answer.  There are better, much more granular solutions that browsers could be implementing.  It is time we spend our focus on a dimmer, not an on-and-off switch, for the open, world wide web.  I really hope we see this soon.

Advertisements

7 thoughts on “Privacy is Not an On and Off Switch – "Do Not Track" is Not the Answer

  1. Isn't a browser just another third party too? It can get hacked just as easily as Facebook, and the controls are sure to be just as confusing to the public. Do you think it's better because the browser isn't trying to make money in the same way as websites? I do like the revoke ability you talked about.

    Like

  2. The client is a lot harder to compromise, and is much less a target than a

    single database of everyone's information. Not just that, but users can

    audit how information is being stored, how data is being encrypted, and have

    complete control of their data. The only way a browser can be hacked is if

    a single, malicious individual has access to that computer, or if a virus

    compromises the machine, getting access to the browser's information.

    Like

  3. Jesse, thank you for the wonderful write up. I am so interested in your take on the “fix” to privacy and how it has yet to really appear for the user on the browser and the need for granular control.
    In terms of “Instant Personalization,” I also wonder– is this just another step in offering us all a web that's not so much a reflection of the world, but a mirror of ourselves, as it will only reflect individual user interests, consumer desires..?

    Like

  4. I think that is the intent of Instant Personalization, yes. I think

    Facebook has kept it pretty safe so far. The browser implementation of this

    experience would definitely be much safer though.

    –Jesse

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s