Privacy advocates and lawmakers have increasingly turned their attention to behavioral targeting companies that track users across the Web and serve ads based on their activity. Now, Microsoft is throwing itself into the debate with a new product that could foil some forms of behavioral targeting.
The company has just said its new version of the Internet Explorer browser will help people keep their Web-surfing activity confidential. The browser will come with two new privacy-friendly features: InPrivate Browsing and InPrivate Blocking. When turned on, InPrivate Browsing will automatically clear users' Web history while InPrivate Blocking will prevent companies from setting tracking cookies or otherwise tracking users across a variety of sites.
Privacy advocates are cheering the programs for giving consumers more control over who can view their Web behavior. While InPrivate Browsing seems somewhat overhyped -- users could previously delete their cache files or cookies manually -- InPrivate Blocking appears to make it much easier for users to automatically block tracking.
Still, before anyone gets lulled into a false sense of privacy, keep in mind that InPrivate Blocking won't necessarily prevent the newest and most controversial type of program to hit the Web -- ISP-based tracking.
That's because Microsoft's program only affects what's stored on users' own computers. ISPs still know all Web sites visited and can still sell that information to companies like NebuAd and Phorm.
NebuAd also stores information about users on cookies, so InPrivate Blocking might theoretically have an impact on the platform, but it's not clear that it would render it useless. Phorm relies on a different type of platform -- one that doesn't appear likely to be affected by Microsoft's new privacy features.
Which means that Microsoft's new program won't moot the policy debate underway in Washington. If anything, the program highlights just how difficult it is for users to control ISP-based targeting.
Thursday, August 28, 2008
Friday, August 15, 2008
Latest YouTube Fuss Shows Tech Limits In Piracy Screens
As of this morning, a two-minute clip showing a protest in New York by Students For A Free Tibet can once again be seen on YouTube. But earlier this week, the clip disappeared after the International Olympic Committee sent YouTube a takedown notice.
The video, "Beijing Olympics Opening Ceremony," included some images related to the Olympics, but clearly doesn't violate the IOC's copyright. Even the IOC now realizes this. When YouTube questioned the Olympics committee about the takedown, the IOC withdrew it.
The IOC sent the takedown notice because it was relying on a computer program to flag videos that violate its copyright, according to the Guardian. But, as such programs are wont to do, it wrongly identified a non-infringing video.
While the video is back up now, the incident highlights one of the problems with attempting to use technology to screen out pirated material: Such technology is notoriously unreliable. It results in the preemptive ban of some legitimate material while also failing to catch some pirated material.
Those flaws are one justification for the current copyright scheme laid out in the Digital Millennium Copyright Act, which allows companies to host user-generated clips without first vetting them for copyright infringement. The DMCA provides that as long as Web companies take down such clips when the copyright holder complains, they're generally immune from liability.
Companies like Viacom would like to see that change. Viacom, which sued YouTube for $1 billion for copyright infringement, argues that YouTube should proactively install filters to screen out Viacom content.
As this latest IOC takedown snafu shows, there are good reasons why YouTube is fighting the notion that it's legally required to engage in such preemptive screening.
Wednesday, August 13, 2008
Cable One's Privacy Gaffe
When privacy advocates first said that ISPs might be violating federal wiretap laws by selling information about users' Web activity to behavioral targeting company NebuAd, the company said it always obtained users' consent to the tracking.
Or, more precisely, NebuAd said it allows users to opt out of receiving targeted ads. Many advocates questioned whether deploying tracking technology by default and putting the burden on users to opt out really satisfied the requirement that users consent, but at least NebuAd could say with something of a straight face that people had some choice in the matter.
But now it's come out that at least one ISP, The Washington Post Company's Cable One, didn't even give subscribers that option. In response to a Congressional inquiry, Cable One said it didn't allow users to decline to participate in a recent test of NebuAd's platform. Letting users opt out of tests of new technology "would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers," the company told Congress. Instead, Cable One went ahead and allowed NebuAd to deploy its technology to track the Web activity of 14,000 cable modem subscribers in Anniston, Ala. for six months.
Cable One justified the failure to let users opt out by saying that subscribers knew the company might spy on their Web activity when they signed up for broadband because the acceptable use policy mentions that the company may occasionally monitor "bandwidth, usage, and content." Of course, even if it's true that subscribers read the fine print in the acceptable use agreement and knew that Cable One might be watching them online, they still didn't know that Cable One would sell their clickstream data to NebuAd. And, even more important, they had no way to opt out of it.
NebuAd didn't collect names, addresses or other personal information, but industry observers ranging from privacy advocates to the FTC still say that people still should have some say over whether they're tracked for ad-serving purposes.
Other companies to test NebuAd didn't do much better. CenturyTel, Embarq and Knology are among those who buried news of the test in obscure language in their privacy policies, but at least subscribers had the chance -- remote though it was -- to learn about NebuAd and opt out.
The companies might, arguably, have followed the letter of privacy principles, if not the spirit.
But Cable One didn't follow either the letter or spirit of well-established online privacy principles. And it arguably violated federal wiretap laws. It wouldn't be at all surprising if lawyers soon descended on Anniston, Ala. in search of plaintiffs for what might become the first lawsuit triggered by NebuAd.
Or, more precisely, NebuAd said it allows users to opt out of receiving targeted ads. Many advocates questioned whether deploying tracking technology by default and putting the burden on users to opt out really satisfied the requirement that users consent, but at least NebuAd could say with something of a straight face that people had some choice in the matter.
But now it's come out that at least one ISP, The Washington Post Company's Cable One, didn't even give subscribers that option. In response to a Congressional inquiry, Cable One said it didn't allow users to decline to participate in a recent test of NebuAd's platform. Letting users opt out of tests of new technology "would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers," the company told Congress. Instead, Cable One went ahead and allowed NebuAd to deploy its technology to track the Web activity of 14,000 cable modem subscribers in Anniston, Ala. for six months.
Cable One justified the failure to let users opt out by saying that subscribers knew the company might spy on their Web activity when they signed up for broadband because the acceptable use policy mentions that the company may occasionally monitor "bandwidth, usage, and content." Of course, even if it's true that subscribers read the fine print in the acceptable use agreement and knew that Cable One might be watching them online, they still didn't know that Cable One would sell their clickstream data to NebuAd. And, even more important, they had no way to opt out of it.
NebuAd didn't collect names, addresses or other personal information, but industry observers ranging from privacy advocates to the FTC still say that people still should have some say over whether they're tracked for ad-serving purposes.
Other companies to test NebuAd didn't do much better. CenturyTel, Embarq and Knology are among those who buried news of the test in obscure language in their privacy policies, but at least subscribers had the chance -- remote though it was -- to learn about NebuAd and opt out.
The companies might, arguably, have followed the letter of privacy principles, if not the spirit.
But Cable One didn't follow either the letter or spirit of well-established online privacy principles. And it arguably violated federal wiretap laws. It wouldn't be at all surprising if lawyers soon descended on Anniston, Ala. in search of plaintiffs for what might become the first lawsuit triggered by NebuAd.
Tuesday, August 12, 2008
Google, Yahoo Cut Cookies For Search Ad Deal
Google and Yahoo promise to let users opt out of cookies online after they, Microsoft and ISPs are challenged by lawmakers in the House Committee on Energy and Commerce. Though the cookie cutting is positioned as a way to help protect users' privacy interests, the real reason for it is that Google and Yahoo want to clean their plates as they prepare to argue the merits of their joint search ad deal to the DOJ.
The media and bloggers rushed Aug. 8 to cover the fact that Yahoo said it will let its users opt out of custom ads on its Web site, while Google said that it will let its own users opt out of a single cookie for both DoubleClick ad serving and the Google content network.
Yahoo's and Google's cookie-cutting moves, as I like to call them, were announced as a measured response to a Congressional inquiry about ad customization sent to 33 companies from the House Committee on Energy and Commerce the previous week.
Appeasing the committee is important; the committee wants to determine whether the way that search engines and ISPs track Web searches is legal.
While Google and Yahoo moved to soothe the committee, the more crucial questions are why Yahoo and Google didn't do this sooner, and why they did do this so quickly while the other 31 companies are weighing the request.
They didn't do it sooner because nothing was weighing on them. No group had leverage to make Google and Yahoo let users opt out of cookies, and frankly, not enough users are savvy enough or care enough to force the companies' hands.
I know plenty of people who use Google and Yahoo and don't realize that their Web-surfing habits dictate ad dispersal.
But the government is a bit more savvy, and there is one big reason why Google and Yahoo practically fell prostrate in answering the House so fast.
Google and Yahoo have a pretty significant search advertising pact in the works. The only reason it isn't in effect now is that they vowed to wait three and a half months to let the Department of Justice review it for approval.
They announced the deal June 12, and if all goes well, they could begin their agreement by the end of September. But the deal faces opposition from Microsoft, privacy advocates and others scared to death that Google is gaining too much power in the market.
By answering the House Committee on Energy and Commerce's requests for information about how their advertising works, both Google and Yahoo want to make sure those issues don't delay their search ad deal any further. The Senate subcommittee is already looking at this search ad deal.
So, what exactly did the companies announce? Yahoo Aug. 8 said in a letter to the House Committee on Energy and Commerce that it will offer opt-out of customized advertising on Yahoo.com, expanding its existing opt-out program for customized ads served by Yahoo on third-party networks.
"We understand that there are some users who prefer not to receive customized advertising, and this opt-out will offer them even greater choice," said Anne Toth, Yahoo's head of privacy and vice president for policy.
This new opt-out capability will be available for consumers by the end of August. The tool will be accessible through a link in Yahoo's privacy center, which is linked on the home page and nearly every page on the Yahoo network.
Google went a little further in its letter to the committee, specifically telling the members that it does not do so-called "deep-packet" inspection to derive information about users to better target them with ads.
However, Google did acknowledge in its letter that it does believe that behavioral advertising, if done carefully, can be a valuable tool for the company to leverage. Google noted in its letter:
Though it is not the focus of our business today, we also believe that behavioral advertising can be done in ways that are responsible and protective of consumer privacy and the security of consumers' information.
The key question that Google has yet to answer is how. How will it institute viable behavioral advertising without using cookies and Web-surfing behavior to know what its users are doing online?
This will continue to be a crucial issue as Google, Yahoo, Microsoft and other companies that depend on online ads as a revenue stream leverage behavioral targeted ad capabilities to place the right ad in front of the most appropriate Web consumer.
These companies will have to strike a balance between leveraging information about users' Web-surfing habits to create more appropriate ads, and respecting users' privacy.
The latest cookie cutting from Google and Yahoo is being positioned as a move toward the latter, but again, I just think the vendors felt compelled to make these moves to keep their plates as clean as possible as they attempt to sway the DOJ on the legitimacy of their search ad deal.
The media and bloggers rushed Aug. 8 to cover the fact that Yahoo said it will let its users opt out of custom ads on its Web site, while Google said that it will let its own users opt out of a single cookie for both DoubleClick ad serving and the Google content network.
Yahoo's and Google's cookie-cutting moves, as I like to call them, were announced as a measured response to a Congressional inquiry about ad customization sent to 33 companies from the House Committee on Energy and Commerce the previous week.
Appeasing the committee is important; the committee wants to determine whether the way that search engines and ISPs track Web searches is legal.
While Google and Yahoo moved to soothe the committee, the more crucial questions are why Yahoo and Google didn't do this sooner, and why they did do this so quickly while the other 31 companies are weighing the request.
They didn't do it sooner because nothing was weighing on them. No group had leverage to make Google and Yahoo let users opt out of cookies, and frankly, not enough users are savvy enough or care enough to force the companies' hands.
I know plenty of people who use Google and Yahoo and don't realize that their Web-surfing habits dictate ad dispersal.
But the government is a bit more savvy, and there is one big reason why Google and Yahoo practically fell prostrate in answering the House so fast.
Google and Yahoo have a pretty significant search advertising pact in the works. The only reason it isn't in effect now is that they vowed to wait three and a half months to let the Department of Justice review it for approval.
They announced the deal June 12, and if all goes well, they could begin their agreement by the end of September. But the deal faces opposition from Microsoft, privacy advocates and others scared to death that Google is gaining too much power in the market.
By answering the House Committee on Energy and Commerce's requests for information about how their advertising works, both Google and Yahoo want to make sure those issues don't delay their search ad deal any further. The Senate subcommittee is already looking at this search ad deal.
So, what exactly did the companies announce? Yahoo Aug. 8 said in a letter to the House Committee on Energy and Commerce that it will offer opt-out of customized advertising on Yahoo.com, expanding its existing opt-out program for customized ads served by Yahoo on third-party networks.
"We understand that there are some users who prefer not to receive customized advertising, and this opt-out will offer them even greater choice," said Anne Toth, Yahoo's head of privacy and vice president for policy.
This new opt-out capability will be available for consumers by the end of August. The tool will be accessible through a link in Yahoo's privacy center, which is linked on the home page and nearly every page on the Yahoo network.
Google went a little further in its letter to the committee, specifically telling the members that it does not do so-called "deep-packet" inspection to derive information about users to better target them with ads.
However, Google did acknowledge in its letter that it does believe that behavioral advertising, if done carefully, can be a valuable tool for the company to leverage. Google noted in its letter:
Though it is not the focus of our business today, we also believe that behavioral advertising can be done in ways that are responsible and protective of consumer privacy and the security of consumers' information.
The key question that Google has yet to answer is how. How will it institute viable behavioral advertising without using cookies and Web-surfing behavior to know what its users are doing online?
This will continue to be a crucial issue as Google, Yahoo, Microsoft and other companies that depend on online ads as a revenue stream leverage behavioral targeted ad capabilities to place the right ad in front of the most appropriate Web consumer.
These companies will have to strike a balance between leveraging information about users' Web-surfing habits to create more appropriate ads, and respecting users' privacy.
The latest cookie cutting from Google and Yahoo is being positioned as a move toward the latter, but again, I just think the vendors felt compelled to make these moves to keep their plates as clean as possible as they attempt to sway the DOJ on the legitimacy of their search ad deal.
Subscribe to:
Posts (Atom)