Do you know Buysight or 33 Across? I hope so, because they likely know a lot about you.
Web tracking has become both more prevalent and intrusive in recent years, both as the trackers have become more emboldened by the lax legality and the increasing powerful technology. Gone are the days of simple tracking cookies; dozens of methods are in common use now. Sure, cookies are still around, but now companies use Flash cookies, web bugs and other means to uniquely identity and track you both across sessions but also across intentional attempts to delete tracking methods.
For example, let’s say you’re a prudent person who simply enjoys your privacy. You empty your browser history, cookies, and maybe even use a program to empty things like Flash cookies. What you don’t know is your browser is caching a page containing a small image unique to you. Though only a few pixels in size, its grid of specific colors is unique to you. Upon accessing a site connected with the images designer, they reload all of the other tracking items onto your system that you just deleted. You literally have to clean up every single trace or they’ll find you again.
Now, ad networks, data aggregators – whatever you prefer to call them, realize privacy is an important choice. The question is what choices should you have and are they to be legally enforced or self-enforced? The fact is the market has been self-enforcing until this point and I don’t like where it’s landed us. Some tracking companies offer opt-out cookies, others don’t. (Note: opt-OUT, meaning every time you clear your cookies you have to go re-opt-out.) I much prefer an opt-in scenario, but this won’t happen in a self-enforced market; it’s not as profitable. Likewise, other trackers aren’t as kind. Some major marketing firms require you to hand over a substantial amount of personal information (name, email address, etc.) to sign-up for opting-out. This is unacceptable that the default is everyone (including companies I have no business relationship with) can so freely grab, aggregate, and sell my online history.
So, how must things change? The minimum is that a universal opt-out must be made freely available and easy to use, covering every legitimate tracking company. The industry itself thinks this is too far, rather preferring to offer an opt-out of targeted advertising, not tracking itself. This is still tracking. At this point, I wonder if the FTC should become involved and make this a legal issue.
Now, this is a dangerous path of course. Anytime the government meddles with technology it seems to find a way of screwing it up. Furthermore, by enhancing the rights of one group (consumers) they are inherently limiting the rights of another (tracking companies/websites).
Additionally, technology may offer an alternative to a legal path. Browser extensions already exist to help opt-out on a permanent basis. Other regulated industries such as the financial sector offer niche solutions that cover one aspect of the overall picture. Unfortunately, nothing covers the whole spectrum. Other issues abound. Both Firefox 4 and IE9 feature a do not track header. Luckily, they’re compatible, but Chrome looks like its implementation may not be. In addition, browsers typically disable this feature by default, meaning the vast majority of users will never use it, even if website operators decide to implement support. The fundamental problem with all of these options if that they’re just that; options.
Without the legal teeth of the government breathing down tracking companies’ necks, they’re only going to do the minimum to prevent bad publicity and prevent users from rebelling.
At this point, I do not see another way beyond government intervention to protect consumers from increasingly invasive online tracking. The fact is tracking works, letting marketers get more bang for their buck by modifying advertising to target individuals. The problem is blocking tracking will never make sense from a business standpoint; no one’s going to make more money from not tracking. As long as it remains a quiet topic the average consumer is unaware of, they’ll never even worry about it. This is exactly the sort of situation the government must step into, even if to simply mandate bare minimum levels of privacy protection. Sure, I’d love to see mandatory opt-in, but I’ll settle for an easy-to-use universal opt-out. Anything is better than the kludge we have now.