Why the tide is turning in online privacy

Why the tide is turning in online privacy

Tomorrow, Apple releases iOS 9, which will allow you to block online advertisements. It’s just the next step in a movement towards online privacy which is gathering energy from two opposite directions. On the one hand, web users are getting increasingly more nervous about what commercial enterprise knows about them. On the other, they are worried about government.

Commercial enterprise has been in the news this year, government snooping last year. The Ashley Madison fiasco will doubtless make a lot more people nervous about registering their personal details on, ahem, ‘personal’ sites. What is more oppressive to most users, though, is the way cookies are increasingly serving you content from one site to another. If you have cookies turned ‘off’ or ‘only for sites I visit’, have an ad-blocker installed, and have enabled ‘do not follow’ then you may not have noticed this. Turn cookies to ‘on’, though, and disable your other privacy extensions, and you enter a new web: browse something on Amazon and then go to Facebook. Depending on what you actually looked at, you will see Facebook’s ads change to match your interactions. Start surfing the web more generally, and all kinds of ads will pop up tailored for you.

This tailoring experience is eerily like the scene in Minority Report where the protagonist gets ads served to him on the street based on his retinas—except he’s just had replacement retinas, and now the ads think he is a middle-aged Japanese man. Consumers have been clamouring for a more personal experience for years, but the way ads follow you round the web is actually quite creepy. A couple of weeks ago one of my Facebook friends changed his settings and found this happening. He thought he’d been hacked. In a certain sense, he had.

The Guardian Newspaper, one of the more significant web news-presences, now alerts you if you have ad-blocking turned on, inviting you to support the Guardian by other means. It’s an interesting approach, a bit like the new speed signs in Birmingham which say ‘Thank you’ if your speed is at or below the speed limit, rather than just shouting at you if it thinks you’re going too fast. It’s an attractive and consistent response from the Guardian. Others, notably the Murdoch press, have already put their newspapers behind paywalls.

There’s a funny little meme going round Facebook at the moment.

Fake-memeIt purports to be a genuine passport letter sent to the UK Passport Office, sent by someone who cannot understand why the government needs him to confirm his address details, as they should already be on file. Actually, if you follow it through to the end, the irate citizen complains that his family have been in the country since 1776. Interesting year, 1776, as it wasn’t one of the bumper years for UK immigration, though it was the year of US Independence. A little online checking reveals that this is a meme that was originally American, popular in 2011, hastily ‘upgraded’ to British by someone who doesn’t know that we don’t carry ‘National Health cards’ to prove we are entitled to medicine.

What’s interesting is that the fictional correspondent holds up Sky, which installed a satellite dish in 1988 and still keeps contacting him, as an example of the way government ought to work. In 2011, that kind of ‘joined-up’ thinking was still popular, probably one of the last relics of the pre-bi-millennium belief in the power of big data to help the individual.

I personally don’t have a real problem with government holding information about me. Every year I am delighted by the way DVLA allows me to do my car tax with essentially no fuss, and now allows me to access my MOT. GCHQ needs a warrant if they want to search my emails, in the same way that the police need a warrant if they want to search my house. There are checks and balances in place.

I’m altogether more worried about Google, eBay and others colluding on my data. Now, of course, the way cookies work, there is not actually any individual who has access to my browsing history. What happens is, when I go to Amazon, a cookie—a fragment of data—is saved on my hard disk which the browser serves up to any website which Amazon has authorised for the purposes of tailoring my experience. It’s really just an extension of the way Amazon uses your product browsing history to offer you products you might find interesting.

Even that, though, may be alarming. A few months ago I bought some halogen lights for a display. Since then, for a few months, Amazon kept suggesting I buy products to help with home hydroponics: buying histories had associated purchasers of halogen lights with people who like to grow their own recreational substances. If you share a computer, you might not particularly want your partner, spouse, children, or, heaven help you, parents, to start checking the attic and the greenhouse in case you were growing your own.

Apple’s decision to introduce ad-blocking is partly an enhancement of its brand-offering: it’s positioned itself for years as the friend of your online privacy, never selling your data, not allowing the government to tap it, and pursuing Google for trying to circumvent the ‘do not follow’ option in its Safari web-browser. It’s also a nice shot across arch-competitor Google’s bows: Google is an advertisement-serving company, and its entire revenue model is based around using your data to sell targeted advertisements to people who want to sell to you.

A few days ago I allowed Google to use my location in Google maps. I’d turned this off some time before, and thought ‘what the heck, how can it hurt?’ Since then, all the websites like Buzzfeed and its cousins which serve up random advertisements have been telling me that a mum in Oxford makes £770 an hour, apart from the ones that tell me that an eerily similar looking mum in Worcester makes £770 an hour. I accept that even the biggest of big data sheds don’t know where Marlcliff is, given that there are people who live five miles away who have never heard of it. I’m a bit more surprised they haven’t heard of Stratford-upon-Avon, though, any day now, I look forward to seeing pictures of the California-tanned mother (sometimes described as a ‘hot’ mum, which may account for the tan) who will by then be earning £770 an hour in Shakespeare town. She is always pictured as just climbing out of a gull-wing sports car, which probably explains how she gets about so much.

Given that these advertisements are served up on pages where every single story appears to relate to Oxford (or Worcester), I doubt I will really be taken in. Nonetheless, there are some real problems, and they need to be addressed.

What’s really wrong with bad data privacy?

A lot of people might well say ‘what’s the harm?’, especially if they know that the information isn’t really leaving my computer to be stored in a gargantuan off-site database.

I think there are some very significant problems. Legislation lags ten years behind or more, but industry codes of practice and consumer pressure could work to solve them.

Problem 1: the vulnerable

Extreme personalisation creates an entirely false impression of trustworthiness. While most web users who happily share dodgy memes on Facebook are altogether more circumspect when it comes to parting with cash, there are large numbers of vulnerable people who are more easily taken in. If someone were to come round to a vulnerable person’s house every day, chat with them, and eventually sell them hundreds or even thousands of pounds worth of products they didn’t need, we would consider this to be a confidence trick and expect the perpetrator—if caught—to go to jail. If the operation of cookies, big data and online advertising does it, for now at least, we accept it.

Problem 2: data profiling makes you the vulnerable

Even without actually harvesting your personal data, big companies are able to use the masses of information about you and about people like you to build ever more accurate profiles. Most of us believe that we would resist the attentions of a confidence trickster, but, in reality, there are constantly stories about how hard-nosed, alert, bright people have been caught in a sting of some kind. As often as not this is a newspaper-led sting, as those are the ones we read about. The ability to take someone for a ride is based on doing excessively more research than any of us would think anyone would ever do. Clearly, there is a limit to the number of stings of this kind that newspapers can fund. However, at the big data level, if you have all your cookies turned on, your ads unblocked and your location available, businesses can build more or less perfect profiles of you. Suddenly—because of the intensity of information—we are all in the vulnerable category, because we can be targeted with advertisements that are so tailored for us that they almost seem to be reading our minds.

Problem 3: your information is not safe

Over the past couple of years, Facebook, Twitter and Adobe have all contacted me to tell me that I need to change my password because of a breach of their own data protection. Facebook, Twitter and Adobe are big companies. How many small companies have been breached who never actually found out? How many knew there was an issue, but chose not to inform me. Normally speaking, these aren’t a problem to me. Neither Facebook nor Twitter have my credit card details, and I use different passwords for different sites, thanks to Apple’s Key Chain. However, if anyone had any illusions about this, we should now be aware that no website is unbreachable, no password uncrackable, and no promise of data integrity can really be kept. If the breaches can be contained to the sites in question, there is little problem. However, when the web ‘knows’ about you, the situation changes.

For myself, I no longer want to read about hot mums in Oxford or Worcester who make £770 an hour. I don’t want Facebook to know what I browsed on Amazon. I don’t want to be profiled alongside drug-growers because I bought some lights. To me these are irritations, and they are solved by switching on every method of privacy that comes with my Mac. As of tomorrow, I shall enjoy using iOS 9 to block these ads from my iPhone.

But that’s just me: it’s the irritation which irritates me right now, like the automated voices that ring me up to tell me about PPI, which I never had.

However, looking at the phishing emails which I receive, and which Sophos anti-virus very kindly warns me about, scammers are getting more and more sophisticated. I hope that I will always spot them, or the OS and the anti-virus will spot them for me, but I’m not entirely sure.

As for large businesses, their offerings are now so tailored and so sophisticated that I can be pretty certain that I’ve bought things I didn’t need at prices I didn’t have to pay, simply because of over-personalised marketing.

iOS 9 is a sign that the tide is turning. Is it turning fast enough?


Back to Top