What the hell am I doing on the BBC?

So this week I’m on the BBC blabbing about how Web tracking companies are out to get us. What did the Beeb want with me? Read on for the details.

It started with this blog post I wrote a few weeks ago about how certain ads – one in particular for Jitterbug smartphones – were stalking me across different Web sites. I’d finally had enough of that and went into the Digital Advertising Alliance page to opt out. That’s when I discovered an “interests profile” compiled on me by a company called BlueKai that detailed 471 categories I might fit into, including “trendy homemaker” and “soccer mom.”

That post caught the eye of Matt Danzico, a reporter for BBC America based in New York City. He flew down to my office to film me in the act of being tracked online, talking about what I’d found and what shenanigans Web advertisers get up to. But, being the creative sort, Matt also had some fun with it. He filmed me walking down the street outside my office, with him hiding behind trees and lamp posts and jumping out at me unexpectedly, as if he were a spy. (Or possibly an elf.) He coerced total strangers to pretend to stalk me. He got us kicked out of a downtown café. (I still haven’t gotten up the nerve to go back.)

He then did the same thing to Peter Eckersley of the Electronic Frontier Foundation in DC, and filmed Direct Marketing Association CEO Linda Woolley in her New York office. (Not surprisingly, he skipped the stalking bit with the DMA.) Danzico edited hours of footage down to a tidy 3 minutes and 41 seconds, added an appropriately sinister spy movie sound track, and posted it to the BBC America Web site. It will be broadcast to an unsuspecting nation of Brits sometime this week.

I’d embed the video here to save you the trip, but the BBC does not countenance such tomfoolery. It’s worth watching, despite some scary close-ups of yours truly.

I do, however, have a few post-video fact checks to add.

1. In the video, the DMA’s Woolley makes the following statement:

“I think most people in the United States do know they’re being tracked online. And I also think that they’re OK with that. They get the economic model of the Internet. And the economic model of the Internet is quite simply that free content is supported by ad revenues.”

Actually, surveys by the Berkeley Center for Law and Technology, Harris Interactive, the University of Pennsylvania, Gallup and others consistently indicate a majority of Americans are not OK with being tracked online.

She also said this: “You can opt out of all behaviorally targeted ads with one click.” As I pointed out in a recent blog post (“Why opt out is such a cop out”), Woolley’s numbers are slightly off.

You can indeed opt out of 86 members of the Network Advertising Initiative (NAI) with a single click. If you want to opt out of the 480-odd members of the Digital Advertising Alliance (DAA) AdChoices program, however, it will take at least 271 clicks – and probably close to double that number. And you’ll have to do that for every browser you use. That’s not counting the 800+ tracking companies that aren’t located in either database and may not offer any opt out at all.

2. In the BBC story, the EFF’s Eckersley estimates that 5 to 10 percent of online ad revenue is related to online behavioral tracking – making the point that online advertising doesn’t need to collect your browsing history to support free content. The figures I’ve seen, courtesy of Abine’s Sarah A. Downey, are closer to 15 percent, and those are just an estimate. The Interactive Advertising Bureau doesn’t break out separate revenue figures for online behavioral advertising (OBA), but my guess is its significantly higher than that, and that OBA will very soon become the primary way ads are delivered.

3. I made sort of a misstatement myself near the end of the piece when I said “Here’s the ironic part. You opt out of Web tracking cookies by setting a tracking cookie.” Later I wondered, are these opt out cookies really also tracking cookies? Did I misspeak?

So I asked Rich Shay,  a fourth-year doctoral student in the School of Computer Science at Carnegie Mellon University, who’s been doing research into cookies along with a team lead by Lorrie Faith Cranor.

The answer? Yes and no, says Shay.

“There is evidence that some NAI/DAA members continue to track users who have opted out, while some stop tracking. A number of NAI/DAA members explicitly state in their privacy policies that they do not track users who have opted out of online behavioral advertising. Some opt-out cookies have very generic values, meaning that those cookies would not be suitable for the purpose of tracking. Other opt-out cookies have what appear to be unique identifiers, meaning they would be suitable for tracking. Further, under the NAI/DAA’s own rules, companies are allowed to continue to track users who have opted out. “

And there you have it. One day I’m an obscure privacy blogger, the next day I’m an international media superstar, and two days later I’m back to utter obscurity. Ah fame – so fickle, so fleeting.

Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

Now read this:

Web trackers are totally out of control

Further adventures in data mining, or welcome to my Lear Jet Lifestyle

Four reasons why Do Not Track turned into Do Not Trust

2 Responses to “What the hell am I doing on the BBC?”

  1. on 27 Apr 2013 at 5:00 pm Greg

    Hi Dan- I’m with you 100%. I’m also involved with EFF and a few other things, and I’d like to get in touch via email. My public email address (that I use for postings on blogs) is g2g-public01 (at) att (period) net. (Letter g, numeral 2, letter g, dash, the word ‘public’, numerals 01 at att.net or just copy & paste that part.) If you write to me there I’ll write back with my work address and then write back from my work address, so you know who I am in the real world.

    “Stalking” is exactly the word for this, and I say that from having helped send a violent stalker to prison years ago and then learning more than anyone would want to know about stalkers. It’s also not unreasonable to suggest that criminal stalkers could take advantage of the same infrastructure used by advertisers, in conjunction with geolocation on mobile devices, to track down victims who are attempting to evade them.

    Given what Peter Eckersley at EFF said (which surprised me) that only 5% – 10% of total internet ad revenue comes from stalking, it would be interesting to calculate the actual revenue per tracked page-view per person (in other words, what any given website owner earns by allowing the stalkers to stalk you when you click on their web page), and publicize that number. I’m going to guess that it’s a small fraction of a penny per page view, perhaps 1/50 of one cent. When expressed that way, I’d bet that most people would rather pay their broadband provider the fractional penny per click, to get rid of the stalkers: and therein is a potential competing model of internet economics.

    One more observation: the present legal doctrine of “no expectation of privacy while in public” is an extension of horse-and-buggy thinking in the superhighway era. It was conceived in the day when one’s public activities were casually observed by others, without aid of pervasive cameras and databases. To update it to the modern era we need to differentiate between “being seen,” “being watched,” and “being stalked.”

    Being seen is casual: a prudish neighbor sees you walking out of the adult book store with a full shopping bag and gives you a disapproving look. That’s the original oldschool “no expectation of privacy” and clearly there’s nothing to be done about that.

    Being watched is deliberate: the department store security officer thinks you’re a possible shoplifter and keeps an eye on you. But there is no persistent data collection or promiscuous data sharing, and even with the aid of cameras in the store, there is nothing particularly creepy going on.

    Being stalked is what occurs when there is persistent collection, promiscuous sharing, and efforts at predicting individual behavior. This is what’s objectionable, creepy, and should be strictly regulated by law: in physical public spaces and online. At present it gets a free ride under the “no privacy in public” doctrine, but this is what we have to challenge and change about the doctrine.

    There is a fourth category of course, “being surveilled,” which is lawful surveillance by agencies that are directly accountable in court and indirectly accountable to the voters. Here the appropriate standard should be “in an emergency or with a warrant,” where emergency surveillance is limited in duration and always followed by an application for a warrant. I’d guess that most of the public would be satisfied with the “emergencies and warrants” standard.

    OK, so that’s enough for one comment and I’ll look forward to getting in touch via email, or alternately, feel free to say that my ideas stink and I should just buzz off;-)

    -G.

  2. on 30 Apr 2013 at 7:25 am dan tynan

    yes, exactly. thanks for leaving such a cogent articulate comment, you have (temporarily) restored my faith in humanity vis a vis the internet.

    the adult book store example is a good one; have the same thing captured by Google Street Image (and it has, on at least one occasion) and the notion of privacy expectations gets turned on its ear.

    http://news.cnet.com/2300-1025_3-6187837-5.html

    cheers

    dt

Trackback URI | Comments RSS

Leave a Reply