Fifteen years ago, people in the technology field were very concerned about online privacy. They came up with a convoluted and complicated privacy solution called P3P. it failed to win the approval of anyone other than geeks because it was far too complex, complicated, and unwieldy for the average user to learn. P3P went down the proverbial tubes. Fifteen later, they’re promising us privacy again with the Do-Not-Track phenomenon. P3P was too complicated and Do Not Track is to simple – and what does it really protect you from anyway?
“I think Do Not Track is a very much watered-down P3P,” the Carnegie Mellon professor tells RWW. “It’s much, much simpler. It’s not nearly as powerful. So the question is, was the problem with P3P that it was too complicated, and this very simple thing is what will allow [privacy] to get adopted? I don’t know; my crystal ball isn’t good enough… If we had P3P, we’d have a way for users to say, ‘Okay, if they ask me for this, this, and this then it’s okay; for any of these other purposes, it’s not okay.’ Your browser knows, your browser could deal with it.” (Seehttp://allanalyst.com/post/dr-cranor-on-do-not-track-and-the-improbability-of-complete-privacy/ )
Because no one could make P3P tenable to the public, and because for nearly 15 years no one really cared all that much, Do Not Track is now being touted as the savior of our online privacy. But it’s not.
Maybe some of you have installed Do Not Track software. If you have then you’ve probably looked at the huge number of things that have been blocked. Those things are called “cookies”. And since we’ve covered cookies at least a dozen times in this newsletter, you know by now that cookies are text files which are “dropped” (downloaded) onto your hard drive when you visit a Web site. While some sites claim they don’t drop cookies, they do if they’re hosted by a hosting service. Almost all small and medium Web site cannot afford to maintain their own data centers and servers and employ a staff of technicians to maintain the servers. So they opt for hosting services. That’s what we do and almost all of the other sites you visit except for the top tier of sites (Amazon, Google, Apple, Facebook, Twitter, etc.) which maintain their own servers and data centers. Cookies do not contain personal information about you. Cookies do not and cannot infect your computer. Cookies are not the problem.
Do Not Track software really doesn’t do anything except block cookies. The real danger on the Web (as we’ve said hundreds of times) isn’t cookies – it’s you and me and everyone else. Very few us use strong passwords. And more than a few of us use the same password for everything – and that is far, far worse than any cookie that ever found its way onto your computer.
Another danger is the trustworthiness of the sites to which you give your personal information. When you give your personal information to Facebook, for example, you’re trusting they’ll keep it safe. You’re trusting they won’t sell your information (which is worth a lot of money). You’re also trusting that every employee of Facebook who has access to your personal information has been properly vetted. And then there is always the chance that a person who was probably vetted will not maintain his or her honesty against the opportunity to steal information and sell it. That requires a lot of trust.
Do Not Track may be worse than useless, it may even be dangerous if it continues to be touted as a way to ensure your online privacy. If users really believe that Do No Track is the solution to online privacy they may be inclined to relax, let their guard down and rely on software to protect them. Do Not Track is not going to lead the way into a golden era of online privacy.
The really sad part of Do Not Track is that it’s going to make a lot of people millionaires. A whole industry is already salivating over this new emerging market. And what’s the best way for Do Not Track marketers to sell their wares? You guessed it – by scaring you into believing that if you don’t use Do Not Track software or if you don’t turn it on in your new Do Not Track browser (all major browsers will have this feature soon), you’ll be in dire jeopardy.
But you’ve seen this tactic before. Firewall vendors have made billions of dollars by scaring users into buying third-party firewalls they didn’t need, and never really figured out how to use. You’ve seen it with the virtually useless Lifelock service, offered by a company that has been sued for millions of dollars by the FTC for making false claims. Lifelock’s TV commercials dumb-down Internet safety to such a ludicrous level I’m surprised they aren’t being sued again.
Let’s look at Lifelock which will take your money and tell you they guarantee your identity will never be stolen. Lifelock’s CEO Todd Davis has had his identity stolen 13 times. That’s a fact. And in most cases his company’s Lifelock program didn’t catch it and didn’t protect him. Maybe displaying your Social Security number on the sides of busses and on billboards wasn’t such a hot idea, Todd.
“LifeLock CEO Todd Davis, whose number is displayed in the company’s ubiquitous advertisements, has by now learned that lesson. He’s been a victim of identity theft at least 13 times, according to the Phoenix New Times.
That’s 12 more times than has previously been known.
In June 2007, Threat Level reported that Davis had been the victim of identity theft after someone used his identity to obtain a $500 loan from a check-cashing company. Davis discovered the crime only after the company called his wife’s cellphone to recover the unpaid debt.
About four months after that story published, Davis’ identity was stolen again by someone in Albany, Georgia, who opened an AT&T/Cingular wireless account using his Social Security number (.pdf), according to a police report obtained by the New Times. The perpetrator racked up $2,390 in charges on the account, which remained unpaid. Davis, whose real name according to police reports is Richard Todd Davis, only learned a year later that his identity had been stolen again after AT&T handed off the debt to a collection agency and a note appeared on his credit report.
Then last year, Davis discovered seven more fraudulent accounts on his credit report that were opened with his personal information and have outstanding debt, according to the police report…”
LifeLock is good example of how fear can be used to sell basically worthless products by playing on the naïveté of people. Lifelock is just an example of this – firewall vendors and Do Not Track software vendors are cashing in on the fear they themselves generate. Do Not Track may well be the worst thing to ever happen to online privacy.
Cookies do not contain personal information. Web sites to which you give your personal information do. And you’re not only trusting the site you give your personal information to keep it safe, you’re trusting the employees of the company who have access to your personal information. There is a huge market for information — and personal information such as your name, address, cell phone number, type of car you drive, whether you own or rent a home, your income, social security number, is worth a lot of money to marketing and research companies. Only someone without any knowledge of how the Internet works could be made to believe that cookies contain the kinds of personal information that would be worth money.
Do Not Track is a ruse that could cause people to lower their guard and believe they’re safe when they are not. Those who do not understand how the Internet works are leading us all down a primrose path – with the blessing of the U.S. Government — which I really believe doesn’t have a clue how to implement any system that would ensure our online privacy.
You’ll be hearing more and more about Do Not Track – it will be the next “thing”. But it won’t keep you safe online, that’s for sure. Only you and your good common sense can do that.
If online privacy were really a concern then Facebook and Google + would not have over a billion users combined. People want to share everything but they want to think they can share everything and still maintain a modicum of privacy? Yet these same people who think they’re only sharing information with “friends” (some of whom they barely know or may not be who they claim to be) will among those who believe that something as simple as Do Not Track can really keep them safe.
That’s our opinion — what’s yours?
the only real solution would be to pass a law that would make it illegal to sell your information.
Other than a false sense of security, I see no harm in it. It cost me nothing, and I put a tiny dent in protecting my privacy.
I agree w/mike. Nothing is going to give me a false feeling of security on the internet. Having an atomic bomb in my pocket as I walk down a dark alley in New York isn’t going to make me feel any safer. But it does stop some data collection both personal, non personal and data sharing. 3 on this pg Google Twitter and FB and 1 on your home page, addtoany who some consider flat out spyware. At least a small dent!
You can block all the cookies in the world — and you’ll not protect one single bit of your private data. There isn’t a cookie in this world that contains your name, your address, your credit card number. If you think deleting cookies protects your privacy then delete all the cookies you want. I’m just telling you that this Do Not Track ruse is the one of the biggest hoaxes since third-party firewalls. A lot of people are going to make a lot of money on paranoia.
On occasion on my Facebook “News” page I find notices that at least two of my friends have READ some article or other at Yahoo–and neither says she “shared” that information with anyone. So how did their perusing find its way to my news page if it isn’t because Facebook is tracking their movements to other sites via its cookie?? If I can be informed of their personal web browsings then who else can? Though refusing cookies is not the way to avoid having your identity stolen, I think its one approach for keeping Big Brother’s nose out of your business. By the way, DNP+ says there are four companies and one ad network attempting to track my visit to your site so my next question has to be: what are YOU gaining from these trackers?
It’s ironic that anyone who is really concerned with privacy would have a facebook account. That being said — we don’t use cookies on our site. Our Web hosting company uses cookies to count the number of unique visitors and to keep a log of IP address as required by law. Any other cookies on our site are from the advertising networks we use – basically Adsense. The money we earn from the advertisements allows us to keep our Web sites online. While you may think — because you have a facebook account that having a web site is free – it’s not. We have four dedicated servers and we pay IT technicians to keep those servers up and running. Unfortunately, neither the servers, the bandwidth they use, nor the techs are free.
If you have a suggestion as to how we can earn $50000+ per year just to stay on the Web without adversting – please send them to us and we’ll be glad to implement them if they are viable.
A word about “tracking”. Tracking cookies are used not to collect your personal information but to learn your preferences for products and services. The reason? You as a woman are much more likely to click an advertisement women’s clothing than you are for men’s deodorant. The more likely you are to click an ad the more they advertiser will pay an ad network for an advertisement. I’d much rather see ads for things I’m interested in – computers, books, nature, astronomy, hiking trails, photography — than I am seeing ads for say women’s toiletries. Cookies (oh yes the abominable ‘Tracking cookies’ make this possible
It is amazing to me that people will sign up for a store’s rewards’ program to save 10% or whatever and not blink an eye — but a bunch of scoundrels on the Web whose primary concern is scaring people who are already scared so they can sell them more security programs they don’t need, are trusted.
You think your Facebook account is private because you’ve changed our privacy settings? Every bit of information that is available to facebook is available to anyone who has the right tools. Have you ever heard of an app for iPhone called “Girls Near Me”? Look it up.
Tracking cookies are far less dangerous to your privacy than Facebook is.