Tag Archives: privacy

Privacy, Safe Harbor and ad blockers: When trust is key to business

Wild net neutrality vs. regulated standardized networks? Privacy for each vs. security for all? Free content with ads vs. pay-per-view? Are we bound to witness the development of the internet with the eyes of a war correspondent?

A few weeks ago, I have been at MeasureCamp in London, a bi-yearly analytics unconference that I find particularly stimulating (more about MeasureCamp here). I have held a session titled “More #Data, less #Privacy: Are we bound to finish naked?”. A summary of the discussion may be found here.

Provocative though the title may have been, the discussion was very constructive, and, as no clear solution seemed to emerge, it ended up with the only possible option, name it common sense, good will, mutual confidence… As for me, I shall keep the word “trust”, especially throughout this post for a good understanding.

Trust-in-Business
Credit: Oleg Dudko via 123rf.com

Trust is is the common ground to the topics that I have named in the title of this post:

  • Privacy policies cannot be operative unless you trust the company storing your data, and in many instances, you may even call for a third party to handle this subject, which usually is called “trusted third-party”… A hot topic everywhere, especially with all the data leaks that have occurred in the recent weeks.
  • Safe Harbor has been put into question, and ultimately terminated by the EU Court of Justice, because trust had been broken between the US and Europe, not only because of the NSA spying scandal, but also of the divergent points of view about what the role of the Governments should be and their right to intrude into the business rules (see the endless debates on Net Neutrality and Right-to-be-forgotten, for instance on the NNSquad site)
Data-Privacy-Secure
Credit: Robert Churchill via 123rf.com
  • Ad blockers also are starting to be an issue, because trust has been mishandled there too. Let us forget the original sin of third-party cookies, when accepting primary cookies from a website, for it to work properly, led to cookies being transferred to scores of third-party users, mostly for ad targeting purposes… My main concern today is about the latest bias in that area, i.e. ad blockers dealing with ad servers so as to generate exceptions for them, and let some ads be displayed, now breaching trust with their own clients.

Let me focus on this specific problem.

OK, ad blockers are standing in the way of advertisers, but so far they are not killing them. Advertising is the key monetisation tool for many free-to-access websites, among which media and news are in the first row, but many models show that such websites still may succeed nevertheless (the Huffington Post, as an example of a pure player, or the New York Times as an example of a redeployment from a paper business model). And, although we all agree that purely free content may only be amateur, plagiary, or infomercial, still ad blockers are not threatening free speech and democracy. And some people may require some rest from all-too intrusive ads, and block them. That’s legitimate.

Still, those same people have to behave accordingly, and understand that not everything may be free. Economy is give and take, debit and credit, buy and sell. These people have to pay for added-value content, beyond Linkedin Pulse summaries, or Mediapost digest e-mails. Pay for an abo at the NY Times on-line for instance. It balances the loss of revenue (ad-blocking) for some websites with paid-for content, for instance news read behind a paywall. This is fair. This are good business rules. This also is all about trust.

Trust is when both sides do their part; trust is when people using ad-blockers buy content somehow; trust is when an ad-blocking software reminds you that not everything may be free on the web, and that you have to pay for some content; trust is when ad-servers are serving relevant ads in relevant quantity, not flooding us until we surrender (or block).

Too-much-advertising
Credit: Maksym Fesenko via 123rf.com

But trust is broken when one of the parties is not playing a fair game; trust is broken with the users when an ad-blocking companies sells, at a very expensive price, bypassing ways for some ad-servers. Trust is broken when little arrangements are made between ad-blockers and ad-servers behind the back of the flock of consumers.

I shall not elaborate more about ad-blockers and especially about the AdBlock deal (more details here). And though this ad-blocker is a tool I have recommended in the past (in this 2014 post, for instance: Data Privacy, between a rock and a hard place), trust is now broken. And breaking trust means losing clients. At least some clients. AdBlock, you lost my trust, you lost me.

Data Privacy, between a rock and a hard place

How are we to handle Data Privacy? Through goodwill, as original free internet promoters would like to? Or through coercive regulation measures, as government bodies are prone to? This definitely is no easy dilemma…

The Marketing Mobile Association in France has been willing to put the question on the table, last Wednesday (Feb 12th), on the very same day when the US were having the so-called “safer internet day”. The meeting venue was more on the goodwill side, as the event has been hosted by the Mozilla Foundation in their Paris office. A nice place, by the way, see for yourself…

Mozilla Meeting Room

The discussion panel was more balanced, with Etienne Drouard attorney at K&L Gates, specialized in Privacy matters, and Geoffrey Delcroix, CNIL Innovation Director (CNIL being the French Internet Regulatory Body), as well as Hervé Le Jouan, CEO of Privowny, and Tristan Nitot, Principal Evangelist Mozilla Europe (a brilliant coffee brewer as well…), the whole thing being moderated by Bruno Perrin, Media & Entertainment Leader at EY.

Between tools to manage oneself’s privacy (see my own selection at the bottom of this post) and various comments to the Privacy Laws, the main impression that remains from this panel discussion is that handling Data Privacy is like walking on a tight rope…

Two opposite views are currently cleaving the internet:

  • On one side, the “libertarian” internet promoters, with their concepts based on freedom as wide as possible (net neutrality, open data, open source, etc…), whose view of privacy is linked to each person individual right to protect one’s privacy. A global “do-not-track” by default would certainly please them, especially if companies are to respect it forcefully…
  • On another side, at the opposite of the scope, we have the state bodies, willing to set more control on the internet, as this is something that they do not only misunderstand, but also fear; in this respect, they wish to instate regulations, privacy by design, control over content, etc…

And, in the middle, the so-called “new economy”, all these companies and people trying to make a sensible use of the internet… Not easy, mmh? What I understood very clearly from the panel discussion is that none of the extreme behaviors depicted above would give internet a chance. Setting “do-not-track” by default would simply lead companies to ignore it, and hence kill the idea. And on the other side, regulating the market by law would technically make it die, in the end. Hence, the tight rope strategy is the only one that remains, with a difficult balance between market freedom and people’s protection, between business and privacy…

So what are we left with? We can try to manage our own privacy, and ensure it does not go beyond the borders we have set. Nobody lives in a cave with no contact to the outside any more (as this would probably be the only way to fully protect one’s privacy…). But nobody wants to live constantly under the eyes of watchers, as in a personal Truman Show, especially when your information is wanted for their business… We may go on using internet, conscious that we are watched, but managing this, and knowingly give our consent wherever we believe it makes sense, blocking all other non-sollicited requests…

There are many tools to do so. Probably too many. I personally use five.

  1. An ad-blocker: this is not a must have, but it may be useful , especially to speed up your browsing. I use AdBlock, a Chrome extension. The disadvantage of this, is that most ad-blockers do not offset the changes in the layout of the website, making it sometimes barely readable (as for instance my favorite sport page, Sport24). And do not forget that most sites earn their money thanks to the ads… So I disable it now and then, especially when visiting sites with less audience.
  2. A user/password manager: this is highly interesting, to ensure you know what and where you have been logging in, and ensure nobody is using some of your identities without you knowing it. I am using the Privowny tool bar, a very useful add-on.
  3. An identity verifier: this is for Twitter in particular. To avoid being followed (and spammed) by robots and fake followers, I am using TrueTwit, a simple (and not so expensive) tool to filter and verify any Twitter user. I have less followers now, but only real people…
  4. A do-not-track option: I also use, now and then, the do-not-track feature in my browser (Chrome). This I do especially when shopping or banking online, so as to minimize the amount of cookies shared by these companies that also own very personal information of mine. I know, this is more a wishful thinking, but at least shows that I am not ready to let everything leak.
  5. A graphical cookie tracer: I have uploaded CookieViz from the CNIL website, a free software to visualize your browsing, and the cookies that have been shared with third parties. At least, when you browse websites, including your favorite ones, you know what you are at… Below a short description of this tool (currently only available for Windows OS, soon to come for Mac and Unix).

CookieViz example

The picture shows a session for 7 browsed sites (9 views total). The 7 websites are “circled” with red pentagons. Up right is Sport24 (link provided above), below e-commerce website CDiscount.fr and information website LeMonde.fr.

At the bottom, from right to left, a gaming website BigPoint.com, my About.me profile and this blog’s dashboard page. In the middle, Avinash Kaushik’s blog (Occam’s Razor), showing that even the blog of a respected digital evangelist like Avinash may share third-party cookies…

The graph is, I believe, self-explanatory; the visited websites (red pentagons) are generating cookies (all blue round spots), which are kept for first-party usage (blue links) or shared with third-party (red links). To be clear, I have disabled the AdBlock to generate this graph, so as to prevent partial representation.

This tool is highly interesting in my eyes. It does not block anything, but shows you everything. At least, the user knows what happens when he/she visits a website, and may decide to go on browsing, or choose alternatives websites with a better sharing policy, especially regarding third-party cookies.

A better informed customer always makes better choices.

The Great Discoveries, the Enlightenment and the Internet

A few weeks ago, I have been discussing about cookies while working on an assignment for my one of UBC Award of Achievement in Digital Analytics module and I had an interesting argument about comparing one’s personal computer to a home, and beyond this to the fact that the internet development is a real revolutionary spread.

Actually, this comparison makes sense, as far as you consider your home for what it is, i.e. your home base before and after any possible journey you would make, for work, leisure, shopping, vacation… Your computer is like your home, only if you do not walk outside, i.e. only if you do not connect to the web. Browsing is like going outside, to shops, to leisure activities, to theaters, to restaurants, and there, people collect constantly your own personal information.

Considering the privacy issue on my computer, I have especially focused my thoughts on the cookie management, a difficult balance between a good browsing experience and an all too present advertisement intrusion. It is similar to any visit or phone call to my home, as I would not want to tell or show too much, unless I have cleaned my floor, hidden what I would not want others to have a look at, or set my mind to “politically-correct”…

There is a schizophrenic behavior of users requesting an ever improved speed and usability for the websites, but grumbling against the website adaptation to the client’s browsing preferences, in a “but how do they know so much about me?” mode. As far as I am aware that I give up some of my privacy, allowing first-party cookies to improve my own user experience through increased page loading speed and saved preferences (such as passwords on on-line gaming sites or pre-entered Personal Information on e-shopping ones), this is fine: I do accept them freely, wherever they make sense, i.e. when they offer a real service to me. On small exception, when accessing “sensible” information (Online Banking or Tax Payments), I usually activate the “do-not-track” option, which is supposed to prevent the website from collecting cookies. So far so good for my online privacy.

In parallel to my home, I just lock it with a key, draw the curtains and lock the shutters, and my home privacy is also safe. Still a personal computer cannot be a stand-alone object any more, with no connection to the outside world, just like no one would ever stay at home all of his/her life. A computer is very much like one’s life, in constant interaction with outside inputs and outputs, and hence everyone has to acknowledge that data are collected about oneself, one way or the other.

Beyond the debate about how to manage cookies and whether they should be more strictly ruled (I may handle this later), I believe that we are anyway at a turn of history, a moment when the technology itself (internet, broadband, mobile, NFC, GPS…) is altering the very way we behave.

To refer precisely to my post title, I believe we are at a turn of tides, like at the times of the Great Discoveries in the 15th and 16th century, when we got to learn about other worlds, or those of the Enlightenment, in the 18th and 19th century, when the emergence of new ideas, as well as the tremendous progress of transportation, meant no one in the world could remain hidden from others. In this respect, the internet (and its multiple technological spin-offs) brIngs a new era of openness to the world, as one may not only be aware of new ideas or have the possibility to go and see other people and culture, but in a more efficiently manner, anyone may now summon anything and anyone to his own couch, through the power of a connected device…

This is like my home actually, as in the Middle Ages, it was totally isolated in the middle of the nowhere, and then someone discovered the way to it, then an enlightening road was built, and now, a full connected town is growing around my place. My behavior, and my relation to others will definitely be altered, as well as the depth of the knowledge they will be able to gather about me (and me about them)…

The Great Discoveries led to the fading power of the Catholic Church in Western Europe, as well as the possibility to travel enriched the revolutionary ideas of the Enlightenment… So is also the internet revolution, it changes our relationship to the world, to others, and even to ourselves!

it goes without saying that any revolution has its drawbacks; like the Revolutions from 1789 to 1917 have led to massive kills of “Ancien Régime” people, the internet is unfortunately not only nibbling our privacy, but also killing some traditional activities (Physical Cultural Media, including paper, CD’s or tapes, Brick and Mortar retailing…). Still, the same Revolutions brought new rights to the majority of the people (Liberty, Equality, Fraternity), just like the internet now allows equal rights and access to education, information, services, products… I do believe in the positive change that is brought by the latest technologies. Let us just remind ourselves that the internet only is a mean to reach a more comfortable world…

Jumping over the data privacy fence to land on the optimization green grass? See the hurdle?

Back to school today. Back to work. But back to school also meant back to my desk and also to my usual good reads.

I have namely read this post today, “Beyond Privacy Exploitation Lies Huge Opportunity For Personal Data Optimization” by Max Kalehoff on MediaPost, and I believe he is going a bit quick from his own personal point of view to a more general standpoint. Nevertheless, it is a good starting point for a post about data collection management.

The general idea, e.g. people could share more data for a more optimized benefit, is nice, but only the first part is convincing, i.e. there still is a lot of unexploited data to share. As it lacks some proposal on how one could “optimize” personal data, here are some thoughts I have had on this topic.

Max’s story is nice, but his reasoning by induction is not correct. Not everyone is ready to share really personal data, like weight or daily burnt calories… Actually, this is most probably the reverse way… Such data would most probably be hidden as much as possible, and its distribution highly limited to the lowest number of people, e.g. to none but the data owner himself… A marketer may dream of openness in such a case, but unfortunately I think this is far from real life.

And still, should anyone be ready to share such very personal data, would the distribution list be very large? I doubt so… A few friends and relatives, some key helpers (a fitness coach, a Weight Watcher Leader…) and maybe a doctor, that would be it. The “challenge” idea is typical of someone leaving well with his/her weight, and only willing to lose a few pounds for a healthier life. Not the majority of people dealing with overweight (or with any other personal problem, that is). And most probably a very narrow minority, I guess.

But the idea remains of the highest interest: get passively collected data to create a huge database with a maximum of objectivity. The daily routine for Market Researcher operating in the Retail Panel Tracking, but very seldom when it comes to people. Why this? Because people are aware that they are being tracked, and this only fact introduces a bias (I remember the famous bias of Consumer Panels, where no woman would ever buy any feminine hygiene item, and no man any condom…). Where there is uneasiness or even shame, there will be no freely shared data. So what are we to do?

In this area, what is the absolute must? Not only the passivity of the data collection, but also the ignorance of the tracked people. The less they know they are tracked, the more objective the data. And no question. A marketer’s dream come true. Of course, this is very cynical, and dangerous for the company acting like this, as no panelist will be asked about their consent (or, blatantly, they would be aware they are being tracked…). If I refer to this post’s title, this would mean to reduce the privacy fence to its lowest height, so as to be able to walk over it, not even jump at all…

But this will not happen. The hurdle is high and will remain such. It is built by conduct codes, regulations, even laws, and may very difficulty be ignored. So tracked people ought to know their data are collected. And objectivity will be lost. How to get over this? Find people ready to share their data, have them on board of a panel with an opt-in clause, and run some analysis. A classical methodology to ensure privacy is not breached. The risk? A panel based only on clones of Max Kalehoff, introducing another bias, the will to be tracked…

So, is there no way to get over the fence? There are some of course. The cookies on the web are probably the most famous af all. Every website uses some. And they are (very) intrusive. And some people started to complain, and even to request they should be blocked or erased. A solution will be required here too for user targeting and browsing behavior optimization.

So Max, I do not have the solution either. Not yet… But I’m working on it.