How to know if self-regulation is working: Feature article in Adotas

Some key elements are now in place for the self-regulatory framework to ensure privacy and choice in ad tracking. Today in Adotas I’m suggesting three key things that will indicate initial success for the new system:

1. The consumer experience is great;
2. Failures are visible; and
3. Outliers are shunned.

Read the article at Adotas.

Everything you wanted to know about PrivacyChoice but were afraid to ask: Today’s Interview in AdExchanger

Read the whole interview here, including comments on self-regulation and the competitive set.

About the history and current feature set:

I started with a very simple, universal opt-out tool that was an instant hit with consumers. We now manage preferences for well over a quarter-million people, and have launched nearly a dozen other tools and resources: A comprehensive database of ad company policies and certifications, several bookmarklets and add-ons to monitor tracking activity and to maintain opt-out and opt-in choices, a best practices checklist for ad targeting, a free site-scanning service and seal program for websites to monitor and certify their third-party data practices, and a new experimental service for consumers to see and control their ad profile in its entirety. These all leverage a common data set and preference platform, and we’re just getting started.

The Privacy Fanatic reviews PrivacyChoice (Network World)

In the words of Ms. Smith, the Privacy and Security Fanatic at Network World (pictured anonymously at left):

If you care about your privacy, it doesn’t mean you have to opt-out of being tracked. You can decide if and how your online interests are used for advertising. With the help available at PrivacyChoice, you can decide if any ad-companies’ privacy practices are up to your standards or you can tweak your preferences for the relevant ads that you do see. The transparency and accountability in the PrivacyChoice privacy tools offer you real choices and control of who’s watching and tracking you.

Read the full article at Network World

Evercookie: Why oversight matters

Opt-out and blocking technologies are important to allow consumers to express their privacy preferences and have assurance that they are honored. But as mentioned in earlier posts, the technology to track users will probably always outpace the technologies available for consumers to avoid being tracked. For this reason, websites must still have a responsibility to make careful choices about which companies’ tags they place on their pages, and tracking companies must submit to regular and meaningful oversight as to which methodologies they use. While there’s no bullet-proof way to avoid tracking, it is possible to limit it substantially through transparency and accountability.

So I was interested to read about Evercookie (read disclaimer below before clicking), which gathers together in one open-source tool a set of ways to track users without normal browser cookies. The author describes the mechanisms used:

– Standard HTTP Cookies
– Local Shared Objects (Flash Cookies)
– Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
– Storing cookies in Web History …
– HTML5 Session Storage
– HTML5 Local Storage
– HTML5 Global Storage
– HTML5 Database Storage via SQL Lite

It’s ingenious, and even includes a facility to replant the normal browser cookie if it has been deleted.

PS If you follow the link to Evercookie, I can’t assure you that you won’t end up with one!

PrivacyChoice featured on MediaPost: It’s all about the process

Check out Steve Smith’s article about PrivacyChoice on MediaPost’s Behavioral Insider. He captured our philosophy well in this advice to targeted marketers:

If we read consumer behaviors around privacy monitoring with the same care as marketers look at buying and browsing habits, then the users themselves may be telling you the next steps to take.

Read the full article here.

The PrivacyChoice Bookmark: Early user feedback (not bad)

I’m pleased but not satisfied with the initial user feedback on the PrivacyChoice Bookmark. Here’s the punchline:

An near 80% recommendation rate is good, but can and will be improved, mostly by making things more clear.

We also learned in this survey:

1. The video can be a lot better, particularly if we strip out the explanation of how to get a bookmark bar into a separate video.
2. It’s important to keep our eye on popups and messages the user sees during the opt-out process. We’re still working these issues on Internet Explorer.
3. We need to make it easier to escape the process, and will be pushing an “exit” button shortly.
4. Feedback is wonderful, so we’re building the survey right into the bookmark process. I’ll be upgrading the survey methodology and question forms, too.

Hey NAI, we’re gaining on you!

Here’s a fun graph that shows how the PrivacyChoice service is growing in popularity. It’s a neat comparison, since privacychoice.org and networkadvertising.org are the primary sources of consumer privacy information and choices for ad targeting.

New goal: make those lines cross!

Website privacy disclosure: Google isn’t doing its part

Brad Geddes at Search Engine Land reports that based on his own review of  several hundred websites, a huge proportion are failing to provide the privacy disclosures required by Google’s own rules, including for targeting practices like remarketing and interest-based advertising.

Of the sites he reviewed:

More than 90% were breaking at least one of Google’s policies

More than 65% were breaking at least two of Google’s policies

More than 40% were breaking at least three of Google’s policies

It’s interesting but not surprising that websites aren’t following through on disclosure requirements, when left to their own to do so. No doubt Google has the resources and the technical prowess to automate this process to do a much better job. And no doubt that as a member of the Network Advertising Initiative, Google has an independent requirement to follow-through on publisher disclosure (a principle the NAI reaffirmed earlier this year).

More worrisome: If Google isn’t doing much to ensure publisher disclosures, why should we believe that Google is actually on top of back-end privacy compliance by the scores of third-party ad networks that now have access to user behavior on millions of websites in the Adsense network?

Transparency works: Specific Media kills the cache

Specific Media’s privacy practices have drawn more attention than they would have liked in the last several months. One issue highlighted in a prior post was SM’s use of local cache storage for unique user IDs — which, like a Flash cookie, could be used as a “back up” identifier after the user clears their regular browser cookies. That’s a no-no under rules of the Network Advertising Initiative, so it was a puzzle when the NAI appeared to have closed out Specific Media’s overdue 2009 review with cache-based ID storage still in place.

Now it appears that Specific Media has put an end to cached ID storage (based on yesterday’s revision to their privacy policy). That’s good news, since now there can be no implication that the NAI would permit this kind of practice.

Assuming Specific Media has killed the use of the cache on the backend (we haven’t tested this, yet, but will), I’d like to think that this is an example of how transparency can work to bring individual company practices in line with industry norms. Even better would be if the NAI would be so bold as to report directly and publicly on these issues as they arise and are resolved.

Privacy Innovation: The PrivacyChoice Bookmark

The PrivacyChoice mission is to demonstrate technologies that make consumer privacy more understandable and actionable. In that spirit, I’m delighted to announce the launch of the PrivacyChoice Bookmark, which is now the easiest way for consumers to manage their behavioral privacy settings. We’re featuring it on the PrivacyChoice homepage, where you can see a short demonstration video.

Here’s why this is exciting for consumers who care about their privacy:

• It’s dead-simple to use. Drag a link to your bookmarks bar, click it, choose between two settings and your opt-outs are activated. Your opt-out choices are stored in the bookmark, so your browser remembers them even if you clear cookies. With the “Privacy” entry in your bookmarks bar, you have instant access without navigating back to PrivacyChoice.
• You can refresh your settings with one click. Just click it after you’ve cleared cookies, and it remembers your prior selections and refreshes them, including any updates or new tracking companies that have been added, or any individual opt-outs you may have placed through PrivacyChoice or our partners.
• It works across browsers. At launch, the PrivacyChoice Bookmark works on Firefox, Chrome and Safari (and probably other browsers we didn’t test). (As always, Internet Explorer has some quirks; although it works, we determined that the user experience is still a little rough, so we’re cleaning it up before enabling IE.)
• It works across computers and devices. If you sync your bookmarks with Firefox Sync or Chrome’s syncing tool, your unique PrivacyChoice settings will come right along. As browser makers get better and better at linking the experience on your PC and mobile devices, the PrivacyChoice Bookmark will enable consistent, one-click privacy setting across all computers and devices that you use.

Of course, the PrivacyChoice Bookmark doesn’t provide the same level of durability and ease-of-use as a browser addon that retains opt-out cookies or blocks tracking interactions (both of which we also offer). But for most people who won’t go to the trouble of installing an add-on, our bookmark is an ideal solution.