On April 2, the Wall Street Journal reported that Facebook is in hot water with government regulators in six European countries over its practice of tracking users’ movements across the web to sell targeted advertising. The kerfuffle illustrates the bind that the world finds itself in over tracking — the collection and sharing of data on users’ browsing habits to help sites offer personalized content such as ads or recommendations.
On one hand, tracking has become a backbone of the Internet’s advertising ecosystem and is understood by most Internet users to be a necessary evil in exchange for a richer, more convenient online experience. (Do people really want to fill out purchasing forms on Amazon.com every time they order a book?)
On the other hand, cookies and other tracking mechanisms continue to raise hot-button issues about privacy as companies get ever-more creative and aggressive in their tactics and find ways to defeat a growing raft of anti-tracking technologies.
People will never achieve true privacy and anonymity online.
I’ll leave it to the legal experts to decide whether Facebook broke European Union law stating that websites must disclose cookies and ask permission of each user. (Facebook has responded that the company follows European data protection law and that the six countries — Belgium, France, Germany, Italy, Spain and the Netherlands – lack the authority to investigate it anyway since Facebook’s European privacy policy is governed by regulators in Ireland.)
But is anyone really surprised that Facebook is resourceful in its tracking practices? Is it really so shocking that Facebook may be combining information from Instagram, WhatsApp and other services to target ads toward its users, and uses its “like” button to track browsing activity?
Doesn’t everybody know that collecting information about users is at the core of the business model for Facebook (and other big players like Google and Twitter)? Hey, we get served targeted ads but can reconnect with an old friend or post a photo of dinner free of charge. That’s the deal, right?
The truth is, people will never achieve true privacy and anonymity online. Tracking is not only here to stay, it’s getting more pervasive and sophisticated. The technology now exists to track your movement across the web without even needing cookies. “Canvas fingerprinting” for example, is one of a number of cookie-less browser techniques that allow sites to uniquely identify and track visitors. In addition, Facebook and Google are becoming more savvy about correlating individuals’ activities on multiple devices, getting a single view of a person’s online behavior across their smartphone, laptop and any other devices.
Furthermore, as emotional a topic as tracking can be, few people change their online behavior because of it or even bother to read the legalistic-to-the-point-of-unfathomable privacy policies that sites post. (People accept giving up personal information in return for perceived value in the physical world too, by the way, every time they use a loyalty card at the supermarket to save a few bucks.)
All of this proves that the world is engaged in the wrong conversation when it comes to Internet privacy. Tracking happens – get over it. The conversation we should be having isn’t about absolute privacy, as the European Union seems to believe, but about transparency.
The fight should be about bringing tracking out of the murky shadows and into the sunshine of full disclosure. The Internet public has a right to know the “Five W’s” of tracking at every site they visit: Who is tracking me, what are they doing with the information, where, when and why?
Transparency is the only true solution because right now, the world is chasing its tail trying to regulate tracking technologies. Jeremy Gillula, a staff technologist at the Electronic Frontier Foundation, aptly summed up the situation in an interview with the Christian Science Monitor earlier this year:
“In terms of the technology that is used to track people, there is an arms race. It started with (Web browser) cookies. Then we blocked those. Then the tracking companies moved to browser fingerprinting and then super cookies and HTML headers inserted into Web traffic.”
Several browser extensions and other software tools promote themselves as protecting online privacy, but sites have a way of implementing ways to outsmart them and these tools may not always be trustworthy themselves.
For example, the parent company of Ghostery, which bills itself as the web’s most popular privacy tool, has been said to gather information on the trackers that Ghostery users see, and then sell that data to advertisers, many of whom are responsible for the trackers in the first place.
How much simpler and more effective it would be to stop this madness.
If governments want to set rules about privacy, they should focus on full transparency about tracking rather than what you can or can’t do with cookies. Better yet, companies should offer it voluntarily.
Transparency would serve as a self-correcting market force, weeding out sites whose practices people aren’t comfortable with.
Rather than today’s often-impenetrable privacy statements, companies should publish a detailed, dumbed-down description of their tracking procedures. When you visit a website, who is that website sharing its data with? Facebook, for example, could avoid its European problem if it simply disclosed what data it collects, what it does with that data, with whom they share it, and what those others do with it.
Would this be asking companies to give away competitive secrets? Not if there’s a level playing field, with everyone bound by the same rules. And, remember, it’s our information being collected.
Transparency would serve as a self-correcting market force, weeding out sites whose practices people aren’t comfortable with. Let the market decide what level of tracking is appropriate, not government agencies.
Greater transparency would put an end to the silly tracking technology arms race. No more trying to regulate technologies that probably can’t be regulated.
And, best of all, people would stop conflating privacy with security. While some people obsess about cookies, which rarely hurt anyone, hackers and criminals are using web bots to launch sophisticated attacks intended to penetrate and take over website infrastructure. The number of bad bots on the Internet has soared into the billions.
In fact, April — the same month government regulators in Europe got in a twist over Facebook’s tracking procedures — marks the first anniversary of the Heartbleed bug that exposed sensitive business and financial data to cyberattack and forced thousands of businesses to scramble to secure their servers.