So how come marketers are flashing ads for flea collars on your screen? Not only do they know you’re a dog, they know what you like for dinner and your opinion of cats.
After the recent hack attacks on leading commercial Web sites, President Clinton convened a top-level emergency meeting on Net security. Businesses vowed to tighten up. But where’s the table-pounding on Net privacy? E-commerce can open up your life like a can of beans, and you’re tarred as “antibusiness” if you object.
Few people realize how precisely their private lives can be tracked online, by marketers and others, and how little the “privacy policies” posted by many Web sites mean.
For example, say you’ve sought information about a debilitating disease, spent time in a chat room for recovering alcoholics, surfed porn sites at night or gambled online. The Web sites you visit may be attached to your personal name, address, e-mail address or even phone number. Technically, searches can even be launched for key words, like “marijuana” or “sex,” that you might have left in a chat room or on a public bulletin board. These records–the intimate and the mundane–can trail you for life, like Marley’s chain.
Simson Garfinkel, author of the insightful new book “Database Nation” (312 pages. O’Reilly. $24.95), calls this the dawning of absolute accountability. “Anything that can be known will be known, and it will be known to a greater degree of precision than was ever thought possible,” he says.
Outing you: How are you outed by the Web? Most commonly, through little tags called “cookies,” which are quietly placed on your computer by the Web sites you visit. They can implant a unique identification number, which tells a site exactly who you are when you return. When you buy a new computer and transfer your data from the old one, the cookies come along.
Cookies can make Web life easier. For example, they remember your password when you revisit a useful site. Sometimes they provide the “shopping carts” that keep track of a list of items that you want to buy. Marketers use them to track your personal preferences.
When you’re online and see banner ads on your screen, did you think they just happened to be there, like the ads in NEWSWEEK when you turn the page? Often those ads have been deliberately sent to your screen, because your cookies showed that that’s the sort of thing you like.
When informed about cookies, consumers tend to treat them as nothing more than a nuisance, like junk mail. For the most part, marketers haven’t even known who you were. They knew only that you visited a tennis site, so they served you racquet ads. Two recent events, however, show that cookies and other IDs have a darker side.
One involves DoubleClick, the top company that places ads on the Web pages you view. It used to promise anonymity. But its policy changed last November, when it bought Abacus Direct. Abacus holds records on 88 million households that buy from catalogs. Now DoubleClick can combine your future online viewing with your name and address. For more information, check www.cdt.org. The Federal Trade Commission is inquiring into these and other data-collection practices.
The second event touches on your personal health. The California HealthCare Foundation backed a study of the privacy given by 21 popular health-related sites–not what they say, but what they do. It found that most sites betray you, sometimes in violation of their stated privacy policies. Advertisers on many of those sites may be able to get your name and address. Third parties may see any health data that you trustfully give. (To read the study, which names names, go to chcf.org.)
DoubleClick and other businesses say that cookies are good for you. They bring you ads for the products you’re most apt to want. If you hate being tracked on the Web, you can opt out.
But few people know about opting out, and it doesn’t work for everything. Nor is it easy to crumble the cookies or other identifiers already on your machine. (For help, see junkbusters.com or webwasher.com, or call your Internet provider.)
Businesses also argue that their ads keep Web sites free. “But they don’t need this new level of intrusiveness,” says Lauren Weinstein of People For Internet Responsibility (pfir.org). Ads can be placed on sites that attract interested people. Beyond that, marketers peep.
Bomb site: Advertising is the least of it. Cyberdossiers could be compiled, leaked or subpoenaed for divorce and custody cases, employment decisions, insurance coverage and simple malice. As databases enlarge and merge, Web marketers could have behavioral profiles of you to sell, says Junkbusters’ Jason Catlett. Does that sound farfetched? So did cookies, at first. And what if someone uses your computer to call up a bomb-building site? The permanent Web trail will say it’s you–so don’t bother running for public office. You’ll never be able to explain.
For the first time, personal IDs are entering presidential politics. Both the Bush and McCain campaigns have linked registered Web users to voter lists, to splash ads on Republicans as they browse. CEO John Phillips of Aristotle, a political-consulting firm, says his contracts prohibit the tagging of people who click on ads. So far, Gore and Bradley have placed only general ads, not tied to voter lists. One network the Gore people used says it doesn’t collect data, either. This is voluntary. Minds can change.
I’m no Luddite. I travel all over the Web. But the science of personal tracking is moving faster than we know, and true abuses may result. Only government can lay out zones of privacy (as it has, say, for phone calls). Instead of fighting, business should get on board.
