Author: Carlos Plaza
There is a growing debate about the shadowy tracking practices performed on Internet users to know their tastes and demographic profile, and thus show some ads based on the behavior of users on web pages. To perform this, cookies, web bugs (invisible images which send various parameters on the computer of the user in the request) and profiling of user equipment…
For example, the following image shows how 19 trackers of third-party companies appear in popular news site of TechCrunch technology (announcement networks, analytical tools, social networks…).
This situation has led to:
* These companies have submitted practices and self-regulation mechanisms to convince legislators that it is not necessary to impose methods that would probably lead more users to opt not be tracked.
* Browsers are introducing mechanisms to ensure that users can manage their privacy adapting to the coming legislation.
Given that users do not have permanently assigned an IP address, unlike the phone number, a mechanism of exclusion lists cannot be used as in the case with telemarketing.
Thus, various solutions were proposed; underneath the most important initiatives are reviewed.
The proposed mechanisms can be grouped into:
* Several ones, following the DoNotTrack proposal of the Federal Trade Commission of the U.S. (FTC – Federal Trade Commission responsible for ensuring the rights of consumers and competition) propose: user chooses in his browser if he wants to be tracked or not, and this decision is transmitted to web sites that he visits.
* Others are based on lists of companies in which the user can choose in which sites he allows the tracking.
Internet Explorer (Microsoft)
In the release IE9, Microsoft introduces a mechanism based in lists: Tracking Protection List (TPL). A list contains “do not call” and “OK to call” web addresses; to the former, the browser will only access if the user explicitly clicks a link to that address or types it (therefore, if they appear as a “tracker” inserted into the visited page, they are blocked); the latter, it will be able to access in any case – that is, both if the user explicitly requests it or if they are invoked from another domain.
The user must activate the mechanism, and can enable multiple lists simultaneously; in case of conflict, the “OK” rule prevails. The TPL can be created by anyone, and Microsoft assumes no responsibility on its use, though it provides information on recommended lists.
Here begins the controversy: among the first published lists, there is a huge disparity between the sites that block and those that allow, according to the list that has been drawn up by privacy activist groups or commercial enterprises.
As a non-profit organization that develops the Firefox browser with volunteers, Mozilla has integrated DoNotTrack mechanism in Firefox 4; when the option is enabled by the user, it includes an HTTP header (DNT=1) the visited website that user does not wish to receive advertising based on his behavior. indicating
Currently, there is no legal obligation to implement this mechanism by web sites.
In addition, there are numerous complements for Firefox that allow to recognize what trackers operate in a web site and block them, block ads, cookies, scripts….
Google provides a “Keep my opt-outs” extension to its Chrome browser that allows user to choose the option not to receive advertising based on his behavior. This option is saved permanently – it does not affect the deletion of cookies – and it works with companies that adopt the practices of the self-regulation program of online advertising based on behavior, as described below.
It is worth noting that Google, whose income is derived almost exclusively from advertising, strongly opposes the Do Not Track mechanism. Thus, while the proposal of the new privacy law was just presented in the U.S. Senate in April 2011 for processing (“Commercial Privacy Bill of Rights Act”), it does not explicitly includes this mechanism (but it appoints the obligation to provide consumers a “clear and visible” way to choose not to be monitored by third parties for marketing purposes), the California State is considering its introduction, and Google is supporting the lobby against this measure.
Advertisers and Marketing Companies
Self-Regulatory Program for Online Behavioral Advertising
It is a self-regulation program involving several American associations of online advertising and direct marketing.
It offers a website (currently in beta) by which a user can choose which companies he allows drawing his behavior to display personalized advertising.
It is required that users allow third-party cookies in their browser, since it consists in deleting cookies that the program companies had saved in the user’s computer and setting a single cookie indicating that the user’s choice will be consulted in the future by those companies.
Obviously, if cookies are erased, opt-out disappears (unless you use Chrome with the complement described above).
Currently, there are 70 companies benefiting from this program.
NAI –Network Advertisement Initiative
It is an iniciative of advertiser networks employing the same principles and mechanisms that the program described above – indeed, it has joined it.
The European Interactive Advertising Bureau is the association that encompasses national associations of advertising and interactive marketing from different European countries.
In April of 2011 it has submitted a similar proposal to their counterparts in the United States so that users can choose their preferences on personalized advertising.
On the one hand, it is positive that both industry and legislators are moving to offer users the information mechanisms and privacy control.
On the other hand, the fact that the method to express users choices is different depending on the browser or marketing and advertising company, or that there are no clear methods for smartphones or television applications – which are a growing market-, suggests that there is still a long way to go to resolve the dilemma of a fair balance between online privacy-business.