Archive for August, 2010

Ignorance <> bliss: Check out our new website privacy reports

August 26, 2010

If you deploy third-party behavioral ads on your website, there’s no reason not to know how your partners stack up in terms of protecting user privacy.

In fact it couldn’t be easier, now that we’ve launched our new site-scan privacy reports. At a glance, you can see which tracking companies are collecting user data on your site, and a detailed analysis of their oversight participation, privacy policy protection and opt-out availability. You can also drill down with summaries of key privacy practices and privacy policy excerpts. Check out this example.

We’re offering free site scans for any website, with a sliding-scale subscription for ongoing monitoring and alerts when new networks show up on your site.

As always, comments and input are greatly appreciated, as well as notice of any bugs or other issues.


Party pooper: Facebook mobile privacy

August 19, 2010

At the risk of being a party pooper in today’s rehabilitation of Facebook’s privacy image, I’d like to ask:

Why can’t you see and adjust your privacy settings in the Facebook mobile app?

I hadn’t noticed this until I updated my iPhone app (3.1.1) to check out their new location-based services. As far as I can tell, there’s nothing at all about privacy in the mobile app (or in the settings), not even a link to open your privacy settings in the mobile browser.

Over 150 million people access Facebook via mobile apps, no doubt for many it is their exclusive or primary mode of access. (You can even set up a new account directly through the app.) You would think native privacy settings would be a baseline product requirement for Facebook mobile apps.

It’s not too hard to do — a company called Mobile Distortion has a nice looking step-by-step free app to manage your Facebook privacy settings. Not as elegant perhaps as Reclaim Privacy on your computer, but useful nonetheless.

This seems like a big omission. Am I missing something?

AddThis: Still breaking the bargain

August 19, 2010

hI wrote last week about how AddThis has ignored significant privacy questions as it starts to harvest data for behavioral targeting. AddThis sharing widgets, installed on 1.5 million websites, now collect behavioral profiles for auction to third-party ad delivery companies.

I’m not objecting to the notion of collecting and using data through a widget. My objection is that, by failing to tell consumers and publishers about what’s going on, they are breaking the implicit bargain in the consumer data ecosystem. The “bargain” says that consumers get free content and services (like nifty sharing widgets) in exchange for their anonymous data, but data collection comes with robust notice of how data are collected and used, and a meaningful chance to opt-out.

What’s amazing is that, even after losing AOL as a partner over this issue, ClearSpring and AddThis are still breaking the bargain by hiding the ball from consumers and publishers. Here’s what I mean:

  • There’s still no prominent mention of profiling in the AddThis signup process, except one buried deep in the terms of service.
  • You also won’t find any announcement in the AddThis Blog, even though they could easily have cut and pasted from the extensive blog post about the program on the Clearspring blog (their separately branded portal for advertisers and ad partners). Apparently, the behavioral profiling of 1 billion users isn’t as blog-worthy as supporting the re-tweet button or Will and Charlie’s trip to the Internet Identity Workshop.
  • You won’t find any announcement in the AddThis Developer Forums, although one curious developer happened to discover it on  July 21 (pre-announcement, hmmm), and was provided some special code to disable cookies. If you want his code and didn’t catch that particular forum entry, good luck finding it in the help documentation (I couldn’t). You have to email them to get it.
  • You won’t even find a mention of behavioral profiles in the AddThis FAQ. There is a question, “What data does AddThis collect and why?” and the answer consists of a link to the AddThis privacy policy. Paragraph 17 of the privacy policy does discuss profile sharing. I guess it was too much trouble to provide a summary of the changes on the top of the page, or anything at all on the AddThis homepage (like “New!” next to the privacy policy link).

In this light, it’s hard to take Clearspring’s CEO seriously when he says to the Wall Street Journal that “This is very much a participatory system” for publishers.

Are they terrified that if they actually provide good disclosure, more publishers like AOL will freak out, either over privacy or uncompensated leakage of valuable profile data? Personally, I doubt that, but it’s all in how you handle it. One thing’s for sure: hiding the ball isn’t working.

Two more interesting questions to think about:

What about back-end processes? Front-end disclosure is important, but the rubber meets the road on the back-end where consumer profiles are used and shared in ways invisible to users. For AddThis, there’s a critical back-end privacy function of keeping email addresses (which are used extensively in the service) separate from behavioral profiles. If AddThis won’t invest in simple front-end disclosures, why should anyone feel assured that they are investing in robust back-end privacy processes?

Where will the NAI come out? I’ve been told that Clearspring is in the process of applying for NAI membership. Can the NAI admit Clearspring with a deeply flawed privacy framework, particularly since publisher-to-consumer disclosure is a principle that the NAI vowed to enforce more strongly in 2010? Is it consistent with NAI policies for NAI members to purchase and use Clearspring’s tainted data, as Media6Degrees apparently may already doing?

Note 8/21: AddThis appears to be responding, and has a blog post on AddThis now about the new program. Still watching for integration of prominent notice and easy opt-out for publishers and consumers, to see if they really mean it.

An opt-out in the open hand

August 19, 2010

I’m a little late in noting this, but it was delightful to see this tweet from the Ghostery team in response to my post about why a universal opt-out must be part of the self-regulatory framework.

This means that on every ad-notice landing page provided by Better Advertising, a consumer will be able to download a tool that blocks ad tracking completely. Hopefully the universal opt-out functionality will be prominent and clear.

Of course, offering a browser add-on is not a substitute for a web-based universal opt-out, since consumers shouldn’t be required to install software to express their preferences. But to provide complete control “in the open hand” will go a long way to showing a sincere commitment to consumer choice.

Specific Media: Out of the NAI doghouse?

August 18, 2010

More than six months ago, Specific Media was the sole ad delivery company singled out as having potential compliance issues in the NAI’s 2009 report (discussed in an earlier post).

The company just updated their privacy policy in two respects:

  • Adopted a 12 month maximum retention period for user data (nice work!).
  • Added a very interesting disclosure about the use of browser caching to store user IDs (more in this in a future post).

I can only speculate that these changes are related to the successful completion of Specific Media’s compliance review. The fact that we don’t really know is instructive — and disappointing — for the self-regulatory effort. The NAI should have been more clear about the nature of Specific Media’s issue, and should have published an update that clarifies the issue in detail and how it was remedied. If no issue was found, that should be clear as well.

Let’s face it: One reason self-regulation is failing to win more supporters is that many view it as an unnatural act for an organization of companies to police the behavior of its own members. Compliance failures will happen, and when they do they need to be visible and the oversight response needs to be completely transparent. Nothing would inspire more confidence in self-regulation than really putting a company in the doghouse from time to time — in a way that advertisers, partners and consumers can’t miss.

AddThis transitions to behavioral advertising, ignoring key privacy questions

August 11, 2010

Last week AddThis announced that data collected through their sharing widget, installed on 1.5 million websites, will now be used for behavioral advertising. According to the announcement, anonymous profile information for over 200 million users, including the pages they have visited on AddThis publisher sites, is now available to other ad delivery companies in real time bidding.

The new AddThis program is similar to Google’s transition of AdSense into an ad exchange platform (see prior posts). In both cases, tags placed on publisher sites for one purpose are now being used for different and more extensive purposes. And in both cases the companies should clarify answers to some important privacy questions.

Publisher Notice

Shouldn’t publishers be made aware of the change in how their users’ data will be handled, and provided with an opportunity to opt-out? Is it fair to assume that all sites with the widget already installed — including hospitals, schools, church groups, and government agencies with no other advertising — would choose the AddThis widget if they were aware that their user behavioral data will be sold?

For publishers signing up today, there’s no reference to behavioral data collection in the signup process for the AddThis widget. Is this deceptive?

Consumer Notice

Will the AddThis widget include a notice to consumers that tracking information is being collected on each page that serves the widget, regardless of whether the consumer interacts with it? (This kind of notice is required under the IAB’s guidelines and could be provided with something akin to the power “i”.)

Will AddThis also ensure that when the data are used to display an ad, the consumer will be notified that AddThis was the source and provide an opt-out?

Are AddThis publishers required to amend their own consumer privacy policies to provide notice of AddThis data collection, as is standard practice for compliant ad networks?

Will consumers be able to see what’s in their own AddThis profile, as they can on Google, Yahoo! and leading ad networks?

NAI Compliance

Neither AddThis nor its parent Clearspring is listed as a member of the Network Advertising Initiative, the industry organization charged with defining privacy standards and providing oversight for behavioral advertising.

The AddThis announcement says that the company “complies with the Network Advertising Initiative standards.” What does this mean, given that AddThis is not subject to NAI compliance reviews; they do not appear to follow the NAI’s requirement that publishers pass through disclosure in their privacy policies; and they lack NAI-required privacy disclosure as to data retention?

Why wasn’t NAI membership considered a prerequisite to launching the new program?


Hopefully AddThis will move quickly to remedy the privacy shortcomings in their new program. How they approach this will tell us not only about their own commitment to privacy and self-regulation, but also the commitment of any partners and advertising customers who continue to participate.

Hunch and Facebook: Permission Denied

August 5, 2010

The newly relaunched, a nifty recommendation engine, asks you to login using Facebook Connect or Twitter. The Facebook Request for Permission is striking (and appropriate) in its detail, showing real progress in Facebook’s privacy disclosure framework:

Maybe I’m unique, but this continuing level of access to my Facebook information (and that of my friends) is more than I’m prepared to provide in exchange for free recommendations. Plus, there’s no indication how this can be undone if I change my mind.

The link here to Terms of Service probably isn’t as pertinent as would be a link to Hunch’s privacy policy. Unfortunately, the Hunch privacy policy doesn’t provide any clue of how they handle Facebook information, since apparently it hasn’t been updated for the relaunch.

As a result, my choice was “Don’t Allow.” Puzzlingly, pressing that button simply refreshed the page and restated the request. There’s no option to allow use of less information — like perhaps just what is already public — even if I’m willing to live with recommendations that aren’t quite as good.

My takeaway: Great example of how privacy architecture must be fused with product design in order to tap into the value of user profiles. For this user at least, Hunch hasn’t cracked that code just yet.

Microsoft, Google and Mozilla: It’s time to make privacy engaging for consumers

August 2, 2010

For anyone who has struggled to use the privacy settings in Internet Explorer, it’s probably not a surprise that, as the Wall Street Journal is reporting, Microsoft compromised consumer privacy choices in the interest of advertising revenue and advertiser relationships.

What’s missing from the Journal’s reporting is a broader point, which is that the other major browser makers, Firefox and Chrome, have also made the same compromises. It’s a fact of life that ad revenue supports all of these projects; Firefox because Mozilla gets major financial support from Google, and Chrome because it is a project within Google. Those browsers are in many other ways better designed and easier to use than Internet Explorer, but none of them provides a decent user experience when it comes to ad tracking and privacy.

Here’s some unsolicited advice for the privacy teams at these companies: it’s time to figure out how to demonstrate that better privacy tools lead to more engagement with advertising. If Google is to be believed, when you show consumers what’s really going on with ad tracking, they tend to lean in rather than lean out. It’s not going to be easy, but it’s time for privacy enhancing tools to be viewed as revenue enhancing rather than just a cost of doing business.