Good-Bye to Privacy?

New Yorker Barry Hoggard draws a line in the sand when it comes to online privacy. In May he said farewell to 1251 Facebook friends by deleting his account of four years to protest what he calls the social network's eroding privacy policies.

"I'm sick of keeping track of my Facebook privacy settings and what boxes I have to check to protect myself," says Hoggard, a computer programmer. "I don't have a lot of illusions about online privacy, but Facebook has gone too far," he says of Facebook's recent privacy policy changes.

Illustrations: Harry Campbell
From Facebook to advertisers who may be putting your online identity up for sale to the highest bidder, and to strangers who could track you across town, new ways of using technology and the Internet are making privacy issues a flash point for controversy.

"Privacy today isn't what it was a year ago," says Jeffrey Chester, director of the Center for Digital Democracy, a nonprofit group that promotes online privacy and free speech. "It wasn't long ago we were worried about advertisers planting cookies on our PC," he says. With today's trends, keeping a handle on your privacy is going to become even harder a year from now, he adds.

What follows are several emerging privacy threats.

Social Networks

Do social networks herald the end of privacy? Lots of former Facebook users who recently ditched their accounts in protest think so. With 450 million users, many say, Facebook is a bellwether for other social networks on user privacy.

Swapping small talk and vacation photos made Facebook addictive for users. But over the years, they've watched as their private info became shared with a growing sphere of strangers--advertisers. And in May, Facebook made changes to its privacy policy that exposed more personal data to a wider range of marketers.

This image shows Facebook's Instant Personalization pilot program, which allows Pandora to notify users of their Facebook friends' music preferences.
One change involved the Instant Personalization pilot program, which let selected Facebook partner Websites access your data and tailor content to your tastes. With Instant Personalization activated, your Facebook information can be accessed the moment you arrive on partner sites including Microsoft's Docs.com, Pandora, and Yelp. When the program launched in April, Facebook automatically activated it for all users. However, a privacy uproar forced the company to revise its policy. Instant Personalization is now optional for users.

Facebook has suffered privacy backlashes before. In 2007 it introduced Beacon, an ad system that tracked certain actions of Facebook users on 44 partner sites so as to report those actions back to users' Facebook friends network. But many users revolted, citing privacy concerns. Facebook CEO Mark Zuckerberg quickly apologized and made Beacon an optional feature.

"Facebook is literally turning down the Facebook privacy settings for its users," says Electronic Privacy Information Center director Marc Rotenberg. In early May, EPIC and 14 other consumer groups filed a complaint against Facebook with the Federal Trade Commission. The complaint accuses the site of following unfair and deceptive business practices, in part, for disclosing previously private details to the public.

Google Buzz (the search giant's social network) has also endured privacy issues. Buzz exposed a list of users' most frequently accessed e-mail contacts when it launched earlier this year.

Social networks have forced users to rethink what privacy is in a world where public sharing of private lives has become commonplace, observes Jeremy Mishkin, an attorney specializing in privacy law. "The real issue is how best to assure individuals they have control of their own information," Mishkin says.

Facebook declined interviews, but issued a statement: "It's important that Facebook and other sites provide [users] with clear control over what information they want to share, when they want to share it, and with whom. We're listening to feedback and evaluating the best way to respond to concerns."

Note: We have tips to help you negotiate the maze of Facebook's privacy settings.

Data Harvesting

Creating a digital profile on you gets a lot easier if you are on Facebook or Google Buzz and hanging a shingle on LinkedIn. That marketers use your interest in, say, Volkswagen cars to target-market you a new Jetta may be no surprise. But will your Facebook status ever be used by a credit agency, health care provider, or future employer to determine if you are a good bet?

Firms such as California-based Rapleaf say they are working with financial institutions to run their databases of e-mail addresses to assemble customer profiles based on information shared on social networks. Rapleaf's vice president of business development, Joel Jewitt, says it collaborates with company marketing departments, not credit-approval departments, to better target financial services to banking customers.

Rapleaf is merely one of many firms--ranging from Acxiom to Unbound Technology--that tap into social networks to marry your profiles, tweets, and LinkedIn information with your e-mail address. If a company wants to know more about you, it can just hire one of these outfits.

The firms bristle at the notion that your credit card interest rates could be jacked up based on a tweet that you just got laid off. But privacy experts say that this may be a reality in coming years (see related story: "Can Your Online Life Ruin Your Credit?").

To privacy activists, online advertisers have always been too smart for their own good. Now two emerging trends in advertising have privacy groups once more complaining that Madison Avenue has gone too far.

Offline Links to Your Online Life

The first trend is advertisers' combining online and offline data to build digital dossiers of Web surfers. Companies such as BlueKai, DataLogic, and Nielsen are working with online advertisers to help them reach Internet users with ads based on their offline behaviors and demographic attributes. Advertisers are careful to note that only nonpersonally identifiable information is used and that people are never identified by name, but rather as demographic subgroups. Want to show a banner ad to, say, a conservative Caucasian mom with three kids, age 34, with a household income of $120,000, who works out four times a week at the gym? No problem.

Connections between the offline and online worlds are often made via an e-mail address kept on record by a company that you do business with. That e-mail address could create a link to a composite profile made up of your online activities from sites such as social networks. By cross-referencing that e-mail address, advertisers can show you banner ads tailored to your spending habits and to your political views expressed on Twitter.

Real-Time Shark Bait

The second trend is a real-time ad-bidding technology that lets advertisers, such as Google and Yahoo, track users online and deliver customized third-party ads--all in the blink of an eye.

Here is how it works. As you go from site to site, advertisers can bid in real time to show you an ad tied to your online activity. For example, if you are shopping for a Nikon digital SLR camera, you may see an ad for a competing Canon DSLR model on the next site you visit. If you buy that Canon, advertisers can then bid--in a fraction of second--for the right to show you, on the next site you jump to, ads for lenses for that camera.

Advertisers can track you from site to site only if the same advertising company delivers ads to those sites. For instance, Google-owned DoubleClick delivers ads to thousands of the Web's top destinations. Its real-time ad-bidding program is called DoubleClick Ad Exchange.

Privacy Double Whammy

The rise of those two online marketing trends that create cunningly effective advertising campaigns--tailored in just a fraction of a second to a Web surfer's household income, interests, and online activity--may not be a real surprise. But privacy activists say that they go too far and that advertisers are unfairly tracking people and profiting from their data.

"Consumers will be most shocked to learn that companies are instantaneously combining the details of their online lives with information from previously unconnected offline databases without their knowledge, let alone consent," says Ed Mierzwinski of the Public Interest Research Group, a government watchdog organization.

The Center for Digital Democracy's Jeffrey Chester says that this type of advertising fosters predatory ads. Examples could be dubious health cures or high-interest loans for HDTVs.

The CDD, PIRG, and the World Privacy Forum have asked the Federal Trade Commission to look into ad networks such as Google's and Yahoo's. The groups seek more transparency from advertisers and a way for consumers to opt out of this type of profiling.

Advertisers have been sensitive to privacy concerns, according to the Ponemon Institute, a privacy research group. Ponemon says such concerns have prompted online advertisers to use behavioral ads 75 percent less than they would otherwise.

Transparency is key for advertisers, says Scott Meyer, chief executive of Better Advertising. He says the industry has stepped up efforts to ward off government regulation by developing self-regulatory programs. One is the use of transparency icons: Click on such an icon in an ad, and it tells you that the targeted ad is using demographics and behavioral data.

Better Advertising's Ghostery browser plug-in.
Better Advertising offers a browser plug-in called Ghostery that can alert you to hidden trackers and block scripts from tracking you. Chrome, Firefox, and Internet Explorer support the add-on; but, except in Chrome, the blocking functions don't work.

Mobile Stalking

Without a handle on your GPS-equipped smartphone or geolocation services, you may have only yourself to blame for "friending" Big Brother. Here's why.

Mobile social networks Foursquare, Gowalla, and Loopt are designed to make it easy for your friends to track your whereabouts as you go to restaurants, bars, and shopping malls. A bevy of iPhone and Android mobile apps make use of location information. Facebook says it will introduce features later this summer that will make location sharing as easy as updating your status.

This image of Gowalla's iPad app illustrates how you can track other Gowalla users on a map, keeping tabs on their geographic whereabouts.
These services have privacy advocates urging consumers to be careful as to how much they reveal about themselves. In February, privacy groups spoke at congressional hearings on consumer privacy and have been urging lawmakers to limit how much advertisers can track users of these services. Privacy guidelines for location-based services and advertising are outdated and obsolete, they say.

Peer Privacy Pressure

Reward-based geolocation services such as Foursquare, which doles out coupons and "points" for members who broadcast their location, spur these concerns.

"You need to consider whether there is anything that your location might indicate about you that you don't want to be public," says Peter Eckersley, senior staff technologist with the Electronic Frontier Foundation civil liberties group. For example, he says, "are you going to church? To a political meeting? To a nightclub? To the beach on a Tuesday? Are there people who might hold those things against you?"

Mobile Ad Targeting

Still other experts worry about advertisers eager to break into a nascent direct-to-mobile marketing industry. Mobile social network Loopt says it is developing an ad service that can target offers to repeat customers of a specific store just as they walk in. The company says that advertisers want to reach people as they are making a buying decision.

Apps that run on smartphones and location-aware gadgets, such as the iPad, also concern privacy activists. "With the help of GPS technology, every advertiser is going know where you are [and] what you're doing on your phone," says the CDD's Chester. Mobile apps--even e-readers--will know how close you are to a mall, a restaurant, or your doctor's office, for instance.

Can We Stop Looking Over Our Shoulders?

What is the future of privacy? Will we all just throw up our hands and agree with Facebook CEO Mark Zuckerberg, who famously stated in 2009 that "the age of privacy is over"? Better Advertising's Meyer believes that the creepy "someone is watching me" feeling will dissipate as technology allows you greater control over your privacy, and as transparency increases.

Maybe then we can all stop looking over our shoulders.

PCWorld contributor Ian Paul helped with this report.

Subscribe to the The Advisor Newsletter

Comments