Wall Street Journal recently posted a series of articles, called "What They Know", exposing the user tracking practices of top US web sites. In their investigation they found that more than 100 tracking tools are being installed into the computers of people visiting them.
In addition to standard cookies, which can be used for tracking the user within a single web site as well as remembering information that the user puts in, these tools also include third party cookies and beacons which are used for cross-site tracking of user activity. Sometimes web sites even record user keystrokes and clicks therefore making a record of the user's exact actions on the site.
The data collected is put together into profiles which advertising agencies use to perform "targeting", that is, showing specific users the ads that the user may be likely to find of interest. This is supposed to increase the relevance, value and effectiveness of ads, causing more sales of products being advertised.
All of the data is anonymous in the sense that it is attached to a number instead of a person's real name, but the sophistication with which it is gathered and put together makes it seem quite possible to connect the dots in a way that leads to the actual person in question. The theoretical or technical anonymity is probably the industry's biggest defense of their practices.
The Journal's reports are already making waves, building on the growing public concern over user privacy on the internet, which recently focused on Facebook's privacy practices, and spurring debates over such questions as the necessity of user tracking, the value of targeted ads, and the future of the advertising industry.
There are critics, of course. Jeff Jarvis, for example, called The Journal's series as scare mongering due to their choice of words, and also pointed to the fact that most of WSJ is now under a pay wall, after a recent push by News Corp's Rupert Murdoch for paid news content. The obvious idea is that the News Corp doesn't need to rely on advertising as much anymore, and is therefore free to spread FUD (Fear, Uncertainty and Doubt) about others who do. That would, as Mr. Jarvis points out, be just a "conspiracy theory".
Disconnect
When faced with the knowledge that they could be so thoroughly spied on and tracked while visiting web sites some might actually be tempted to just disconnect from the internet, but that's not what I want to talk about, and I think that would be a painful overreaction..jpg "User Tracking and the Disconnect Between Web Users and Industry"){kind=tracking}
The disconnect I am referring to comes from a larger disconnect that seems to be present in our society, one between "consumers" and "the industry". "Consumers" are commonly perceived as prey and "the industry" as predators. The very term "consumers" also suggest that they are here to just passively "consume" what is being provided to them by the industry, which is in turn perceived as caring for nothing other than their bottom line, and always looking for an opportunity to subvert and control the "consumers".
Unfortunately, there is probably some truth to these characterizations. We are not quite living in a purely capitalistic society so much as a corporatist one. The difference is that in a corporatist society the market accountability of big businesses is purposefully subverted through what is essentially government subsidizing of business through the institution of a "corporation" with "limited liability". This is far from what free market capitalism is supposed to be, which implies full liability of business owners for their market actions, and therefore extremely high accountability to their customers.
Lower accountability fuels greater disregard for customer's desires which in turn fuels customer's distrust for the businesses in general, creating a disconnect that can't lead to a healthy mutual relationship between customers and businesses. Instead, one always seems to be at the other's throat, trying to control, regulate or somehow subvert it.
The way this disconnect translates to the web publishing world is evident in two ways. Firstly, most people probably weren't aware of the full extent to which they are being tracked online, and might find the WSJ's articles quite revealing if not shocking. Secondly, most people have come to take a lot of free online content and services for granted while at the same time often despising the advertisements they see.
Ignorance
The first indicates poor communication between users (to avoid the term "consumers") and web site publishers about the site's policies. While almost every web site has the "terms of service" as well as the "privacy policy" few ever read them, and they are written in a language that is actually discouraging towards reading them, often long and cryptic, and as such completely unfit for a fast paced online world.
Ideally, you would read the terms of use and privacy policy of every site you ever visited. Imagine if you had to read these documents every time you visit a page from google's search results. That will obviously never happen, and would be ludicrous. These documents are then left as a mere formality, and as an excuse for publishers to do esentially whatever they want. If a practice is covered in their terms of use or a privacy policy then it is, of course, fair game. The user visiting the site implicitly agrees to it just by the act of visiting.
This also leaves the user essentially helpless. The only options are to either read all these documents for every site, to not visit those or any sites (in which case you might as well just disconnect from the net), or to just accept the fact that you're subject to whatever the terms are as you visit the sites, and hope that they're nothing too draconian. Most people, of course, take the third option.
Now, I wouldn't deny web publishers the right to set their own terms, whatever they may be. When I visit a web site my browser is making use of the publisher's web server, and therefore, its owner may set the terms of such use.
For this to really work, however, one has to be presented with the terms before even being granted access, or at the very least the terms have to become known as soon as access is initiated, yet most people never get acquainted with the terms and operate under the assumption of implicit agreement to whatever they are.
Clearly, this leads to complete ignorance regarding the non-obvious practices of the web site owners, which disarms the users from the ability to immediately act upon practices which they deem unacceptable, until someone (like WSJ in this case) does an investigation and publishes an expose on the issue. Then everyone starts screaming foul.
I think it is clear that there has to be a change here. Perhaps web sites should provide a very simple user-friendly, and honest, version of their terms and privacy policy to visitors as soon as they land on a site. There are other ideas which aim to resolve this issue, such as Doc Searl's r-buttons, though they go even further in allowing the visitor to in a sense "negotiate" the terms of use rather than just accepting them.
Taking content for granted
The second issue, taking free content and services for granted while despising ads, can easily cause tensions between providers of content and services trying to cover costs and get paid for it, and users who might not be willing to pay for it directly, but don't quite find the ads appealing either.
If the only way to get rid of user tracking and spying is to get rid of advertising (which, it can be argued, creates the incentive for tracking and spying) then how are content and service providers going to get paid? One obvious answer are direct payments through subscriptions, micropayments or donations, but then those who don't want ads have to be prepared to start paying for online content directly, which I wouldn't bet on a lot of people actually doing.
Getting rid of all advertising is, however, probably not the only way. There are multiple ways that ads can be used to effectively monetize web sites, and the best ones should inevitably be determined through a cooperation between users and web owners. Just solving the ignorance problem described above would go a long way towards that.
Only targeted advertising requires sophisticated user tracking, but not all targeting is the same. Contextual ads can rely solely on the content of the page they are displayed on to show relevant ads. No information needs to be collected from the user.
There is, however, an argument that targeted ads are actually worse and less desirable than non-targeted ones. Don Marti explains it like this:
Targeted advertising works against customers in two ways: first, like other database marketing, it's an alternative to making the customer a better offer, or sponsoring a better "package" of content or services. Second, it reduces the signaling value of advertising, and hides valuable information about the advertiser's intent. For example, in the IT market, vendors use advertising to signal their intent to continue supporting a product and releasing new versions and compatible add-ons. If a vendor could target only existing users of a no-longer-maintained product, it could send a false signal.
This issue is up for debate, but whether targeted ads are best or not advertising seems unlikely to go away, and there are multiple models for it to work. The best one could be found through improved communication between the web users and web providers.
Government regulation is not the answer
Some have already called for government to get involved in regulating the advertising industry, but this would be a foolish knee jerk reaction. This issue is too complex for a government with its inefficient and slow bureaucracies to be able to effectively handle. Furthermore, various industry lobbying could easily end up producing a law that does more or less than actually solve a problem, depending on whose lobbying efforts ultimately win.
Not only that, but regulation would only contribute to the problem of a disconnect between users and the industry. Instead of working with the industry to bridge the gap between what they think the users can handle and what the users actually want, we would just be bringing in the "tough guys" to make sure the industry doesn't "misbehave", no matter that different people have different definitions of such "misbehavior", and that the industry itself will retaliate with heavy lobbying. It's a really primitive way of solving problems, and only perpetuates the perception of users as just helpless "consumers" who need a tough guy looking after them, and "the industry" as the soulless predator always on look out for victims.
Additionally, regulations tend to be quite rigid and quickly become obsolete, especially in the fast evolving landscape of the internet. Governments aren't good at keeping up with technology.
Finally, the government itself is guilty of some of the worst spying and tracking practices. There is something quite strange about trusting the worst offender with the task of policing other offenders, especially when we consider the difference in purpose between the tracking and spying of the two:
The industry is doing it to essentially get to know the users so that they can sell them stuff that they're actually interested in. There may be some manipulation going on in so far as greater knowledge of your online behavior gives them the ability to play on your triggers to get you to buy something, but buying something or seeing something you don't quite want to is the worst thing that can happen here, at least as far as the primary purpose of this data collection is concerned.
Government, on the other hand, whether you believe it is for your own good or not, is essentially made to regulate or control behavior. The worst thing that can happen as a result of government's own tracking and spying is a life in ruins over legal costs or even jail time because you broke some law that criminalizes an activity which doesn't even come close to having an actual victim (thanks to the war on drugs, war on piracy, war on "terror" etc.). Think of invasive searches and property seizures on airports in the name of "national security" just for looking "suspicious" to a random TSA employee.
Basically, the question is who watches the watchers?
Conclusion
It is easy to get upset when seeing how much of your online activity may be tracked and measured and profiled in order to show you the relevant ads, but the issue has its causes, and I believe a severe disconnect between web users and web providers (and more broadly the "consumers" and "the industry") has a lot to do with it.
This disconnect disrupts the mutuality that should exist in a relationship between a user of content or a service and its provider. We routinely visit web sites without even knowing what their terms of use or privacy policy are, and given how impractical it would be to read every one of them we simply accepted that we are subject to these terms whatever they are, and trust or hope that they're not too bad.
This is clearly not a good state of affairs, and something has to be done. The WSJ series, as scary as it may be, is a good start in terms of raising awareness, but the next step should be the promotion and adoption of such systems as the Doc Searl's r-buttons and other ways of improving the communication between web providers and web users in a way that will enable every web user to know what they are getting themselves into when they use specific web sites and services.
This way, whenever we see something that goes too far we can react immediately by either ceasing to visit the site or complaining, which would help balance the interests of advertisers and web owners with the interests of their users.
