Why are privacy and advertising strange bedfellows?

In A Race to the Bottom: Privacy Ranking of Internet Service Companies, Privacy International spray-paints the façades of landmark companies that line today's Main Street on the Web. The painted colors are assessments of each company's performance on privacy issues. Though the rankings are colorful, what they say isn't pretty.

Nobody in the "interim rankings" (.pdf) gets the top (green) mark for "Privacy-friendly and privacy enhancing". The bottom (black) mark, for "Comprehensive consumer surveillance & entrenched hostility to privacy", goes to just one company: Google.

Here's the color-band system by which each service is rated:


Privacy-friendly and privacy enhancing
Generally privacy-aware but in need of improvement
Generally aware of privacy rights, but demonstrate some notable lapses
Serious lapses in privacy practices
Substantial and comprehensive privacy threats
Comprehensive consumer surveillance & entrenched hostility to privacy


None of the ranked companies were spared rebuke. Here's a sort of the marks, with the summary justification for each—

  • Green:
    • None
  • Blue:
    • BBC — "Rare in its openness about processing, what for, and how to access data and manage cookies.
    • eBay — "Good responsiveness. Web beacons and lack of information on retention detracts from score."
    • LastFM — "More openness on how to appeal would help case. Explicit use of anonymized data is promising, though more detail on how this is done technologically would increase confidence."
    • Wikipedia — "Lacking in some information, such as contact details. Good statement on retention policy, though unless there is a contact, this is unverifiable."
  • Yellow:
    • Bebo — "Prior problems has led to some innovation. Lack of information is problematic. User control increasing.
    • Amazon — "Amazon has improved much over the years but consumers should be informed on how their clicking, reading, and purchase habits are profiled and used.
    • Friendster — "Insufficient information to draw compelling conclusions. Lack main point of contact problematic.
    • LinkedIn — "Use of email addresses of non-users and beacons is questionable. Accessibility of personal profiles could be better managed. Can close account but only via email."
    • LiveJournal — "More clarity about privacy enhancing innovations is needed. Lax attitude towards addresses is problematic. Good have procedure on breaches."
    • MySpace — "A mixed bag, with some strong protections and lot of ambiguities. Problematic interpretation of IP addressing data. Invitation recipients can opt-out. Account deletion is unclear."
    • Skype — "Good promises on deleting invitation email addresses. Lack of contact details is problematic. Lack of openness about software capabilities is problematic. Deletion of traffic data is good statement though less ambiguity about role of laws would help."
  • Orange:
    • Microsoft — "More information on retention is required. Policy is too basic despite application to a number of services. Have embedded privacy into many product and service designs, but terrible track record, including recent WGA debacle."
    • Orkut — "No Orkut-specific privacy contact information. Limited privacy policy. Account deletion good sign. Checkered history in cooperating with governments. Requires registration to view information, but registration applies across Google services."
    • Xanga — "Invitation process could be better managed. Treatment of IP data is vague. Profiling is mentioned but more clarity is required. Information should not be shared by default. May limit information collected."
    • You Tube — "Considering the size of YouTube and its owners, the vague information about sharing of personal information with affiliated companies leaves much to be desired. Tracking email reading habits is problematic. Videos are not considered personal information. Explicit statement that 'consent' is presumed in transborder data flows is questionable."
  • Red:
    • AOL — "No privacy enhancing innovations apparent though points to privacy services from other companies."
    • Apple — "Vague privacy policy does not address the advanced level of services offered by Apple, — "Could be quite promising if Apple was more open. Good that firm offers access to data subjects. Responsiveness has been poor to date."
    • FaceBook — "Problematic track history. Uses data from 'other sources', and has not maintained strong security mechanisms. Does not inform on measures being taken now to protect data."
    • Hi5 — "Preposterous use of advertising technique (pop-up window) when clicking on privacy policy. Point of contact being a General Counsel leaves little confidence is responsiveness."
    • Reunion.com — "Promising for use of email relaying. Data sharing is dangerously vague. Tracking usage is problematic. Historical ethics problems."
    • Windows Live Spaces —" Problematic use of personal information, without clear statements about retention. Uses almost every means identify users and track movements."
    • Yahoo — "Vague privacy policy prevents us from understanding the dynamics of data processing. Using information from other sources is highly problematic. Account closure possibility is good (and honest statement about retention is relatively positive). Lack of information on search and IP data is problematic. Poor track record."
  • Black:
    • Google — "Track history of ignoring privacy concerns. Every corporate announcement involves some new practice involving surveillance. Privacy officer tries to reach out but no indication that this has any effect on product and service design or delivery.

According to the report, "The analysis employs a methodology comprising around twenty core parameters. We rank the major Internet players but we also discuss examples of best and worst privacy practice among smaller companies." The "initial assessments" describe performance in ten areas:

  1. Company administrative details
  2. Corporate leadership
  3. Data collection and processing
  4. Data retention
  5. Openness and transparency
  6. Responsiveness
  7. Ethical compass
  8. Customer control
  9. Fair gateways
  10. Privacy enhancing or invading innovations

As for motivation, Privacy International says,

We are increasingly concerned about the recent dynamics in the marketplace. While a number of companies have demonstrated integrity in handling personal information (and we have been surprised by the number of 'social networking' sites which are taking some of these issues quite seriously), we are witnessing an increased 'race to the bottom' in corporate surveillance of customers. Some companies are leading the charge through abusive and invasive profiling of their customers' data. This trend is seen by even the most privacy friendly companies as creating competitive disadvantage to those who do not follow that trend, and in some cases to find new and more innovative ways to become even more surveillance-intensive.

We felt that consumers want to know about these surveillance practices so that they can make a better-informed decision about how, whether and with whom they should share their personal information. We also believe that companies need to be more open about how they process information and why it is processed.

Most importantly, we wanted to indicate to the marketplace that their surveillance and tracking activities are being scrutinised.

So the idea here isn't just to expose shortcomings, but to put pressure on these services.

But one wonders... Why would all these companies suck so badly at respecting privacy?

I believe there are two reasons: 1) Growth in adoption of advertising-based revenue model that Google pioneered, and now provides for millions of companies, and 2) Absence of privacy (or any) control on the user's side other than refusal to cooperate.

As Privacy International puts it, privacy and advertising are strange bedfellows:

The current frenzy to "capture" ad space revenue through the exploitation of new technologies and tools will result in one of the greatest privacy challenges in recent decades. The Internet appears to be shifting as a whole toward this aim...

Although the Net itself isn't shifting anywhere (it's a quibble, but "the Internet" is not the same as the collection of websites and services that reside on it), there is a failure of imagination around business models other than retailing and advertising. Especially advertising. And there's a pile of money in advertising. Especially for Google, which is moving toward a de facto monopoly on the business, if it isn't there already.

In March ComScore published its latest numbers on share of online searches. Google was a hair under 50%, and going steadily up while everybody else was going down. In "searches per user" nobody else came close to Google.

But Google's business model isn't search. It gets because effects off search. Search is free. But because of search, Google makes money with advertising. That's its business model. Part of that business model is putting millions of individuals and companies into the same business. You don't need to sell a single ad to support your site or your blog with advertising. Google AdSense does all the work. It not only does that work for millions of businesses, but creates millions of businesses where before there were none.

The Internet Advertising Bureau and Price Waterhouse say online advertising was $4.9 billion in Q1 of 2007. Google advertising revenues in the same quarter were $3.627450 billion. Do the math. "Google Network Web Sites" reveneues were $1.345329 billion. Those revenues were Google's side of the advertising take. The rest of the money went to the site owners.

To make advertising of this sort work best requires maximizing intelligence about users. Does this also require privacy violations? The last quoted paragraph above seems to suggest as much. So I have a question for both Google and Privacy International : Could Google and its partners do as good a job in the advertising business if they did everything it takes to get a green score?

While we're pondering that, let's look at the second problem. Online privacy as we know it today is almost entirely at the grace of the vendors we deal with. The terms are theirs. We accept them or we don't. Other than opting out, we don't have much control on our side. We can't, for example, make a global assertion of anonymity to the world, and then selectively reveal pieces of identity information to vendors, on a private and need-to-know basis that we determine. For the most part we have those privileges when we shop at stores in the physical world. But in the online world we are much more compromised by conditions that are beyond our control. We can be tagged and tracked like animals and never know it.

These conditions will stay out of our control as long as we continue to believe that markets are about supply chasing down and "capturing" demand. There has to be a better way — one that serves demand at least as well as it serves supply. Whatever that better way is, advertising is part of the problem, not the solution.

Even as Google and others put millions more of us into business, it's still the advertising business. And that business is driven entirely by its supply side. Follow the money. Advertisers pay Google and its partners for click-throughs. By making advertising accountable for performance, Google moved the whole category forward an enormous distance. But it's still advertising. And advertising is still woefully inefficient. For every click-through there are hundreds, thousands or millions of "impressions" or "exposures" that are actually neither. They are noise. Instead of wasting trees (as print media do) or time (as broadcasting does), they waste server cycles, packets and pixels. Those come cheap, but they're still waste, still noise, still clutter. They are distractions, and they get in the way.

We can't leave privacy solutions entirely up to large suppliers. That can't work. We can only solve privacy problems by equipping individuals with better ways to control and reveal private information while also finding what they want in the networked world. Until we do that, Privacy International will still be ranking sites with colors other than green.


By the way, next week in San Francisco, leading up to Supernova 2007, there will be an open space workshop at Wharton West. While the Supernova theme is "The New Network", the open space workshop can cover any topic we like. Vendor Relationship Management (which seeks to solve the "advertising problem", among other things) is on the list of proposed session topics (we'll choose those as a group at the start of the day). So are some other excellent topics — including whatever you want to add to the wiki or tell the group about when the day starts. The cost is $25. Includes lunch.

My own fantasy about this is that we get actual developers — folks who write code — to come and help the rest of us work this out. If that's you, please come. There are some pretty big itches to scratch here.

______________________

Doc Searls is Senior Editor of Linux Journal

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Call me cynical, but I'd

caballosweb's picture

Call me cynical, but I'd rather have companies like Google gathering info about me and use it to provide more suitable advertisements to me (which I block anyway), than, say, national agencies and their friends poking in my private internet data they forced my ISP to gather (for our own safety, of course). I get worried when that info is passed along to others though.

I'm not sure if people realize it, but if they gather all your internet data (the interesting parts anyway), telephone and mobile phone info, and where you move by train or car, and where you walk by cameras, there isn't much privacy left for people, you know.

Information is power, and we all freely give very detailed info to shady institutes. Nothing wrong with them, you say, we can trust our own government, right? Don't be such a paranoid idiot, right? Thing is, sure, you're probably right. We can't really know though, can we? We give them our info, but we don't even know what they collect or do with our info. But even if everything is nice and shiny at the moment, how can we be sure it will stay so?

Suppose for whatever reason it gets ugly, then what? Given time, that's sure to happen, keeping history in mind. So the question isn't whether you trust the current system, but whether you trust all future governments and institutes too. I don't, and I don't think it's reasonable to expect that of people.

So imagine it went indeed ugly, and there's a dictatorship in power. One that inherited all the infrastructure to keep tabs on people. Suddenly that nice system to keep you safe from terrorists or whatever also makes it impossible for you to do any kind of organized resistance. Of course people have the power, in the end, but only if they unite. If they can't unite, or even exchange information freely, they lose and are powerless.

On the bright side, incompetence will probably save us. ;-)

_____________________
Submited by : Libros Gratis

Consumer Reports WebWatch site

Mason Deaver's picture

Your readers might be interested in the WebWatch site maintained by Consumers Union (well-known as the publisher of Consumer Reports magazine).

Quoting from their Mission page:

"Consumer Reports WebWatch will investigate, inform, and improve the quality of information published on the World Wide Web."

Privacy is one area that WebWatch is interested in.

Google's business model

Tobias Schwarz's picture

In my opinion search is one of the central parts of Googles business model. None of the other products would run that good without all those parts that were developed to improve search. Adwords was developed to make money from search. Adsense became possible when topic detection of websites was improved and Google is only doing so well because they have the best technology at the moment and a huge amount of data to run it on.

Even as Google and others

Martin's picture

Even as Google and others put millions more of us into business, it's still the advertising business. And that business is driven entirely by its supply side.

This is not entirely true. The google model innovates primarily in the sense that they have changed this so that advertising is also now driven by the demand side. Their ranking system takes into account click throughs. If adds are not helpful to users they will be reduced in relevance and will not get displayed as often. This is very different from legacy advertising models.

For every click-through there are hundreds, thousands or millions of "impressions" or "exposures" that are actually neither. They are noise. Instead of wasting trees (as print media do) or time (as broadcasting does), they waste server cycles, packets and pixels.

It is easy to attack privacy as an issue, but once you realize that they could actually be doing users a favor by not showing them adds that are deemed to be not relevant to them you might be willing to think a little more honestly about this issue.

After all, if women never have to see "enlarge your p..." adds, I would consider that a win. :)

Adds will be shown to people as long as those adds continue to benefit some of those people, all the better if those adds can benefit more people.

Those come cheap, but they're still waste, still noise, still clutter. They are distractions, and they get in the way.

It is easy to point out what you see as failures, but the fact is that people are clicking on these links. How many people are actually being served by this? It is unfair to paint a one sided picture of corporations being the only benefactors of advertising/sales. Every consumer who makes a purchase is benefiting also -> that's a lot of benefit to go around! Nothing is perfect, but the models which create the best compromises between good and bad survive best in a free market place where best can, and is being reevaluated perpetually by real people who actually have to interact with these models. Google is giving people (not just corps) more benefit than anyone else has ever done in the advertising business.

Very nice

Johnnnn's picture

So, very nice site! Congratz! I add this site in my bookmark :)

google is black ;-)

Martin's picture

hhhe Google is black. yes it's true
thanks

Google is bad :/

Breakdance's picture

Yes, google is bad company. Yahoo is better than google.
Greetings,
Breakdance

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState