[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PFIR: Massive Tracking of Web Users Planned -- Via ISPs!

Weiterleitung an die Nicht-Subskribierten! - M.K.

Betreff: Massive Tracking of Web Users Planned -- Via ISPs!
  Datum: Thu, 20 Apr 2000 19:13:33 -0700 (PDT)
    Von: pfir@pfir.org (PFIR - People For Internet Responsibility)
     An: PFIR-List@pfir.org

        [ To subscribe or unsubscribe to/from this list, please send the
          command "subscribe" or "unsubscribe" respectively (without the 
          quotes) in the body of an e-mail to "pfir-request@pfir.org". ]

Greetings.  Since I felt that the topic of today's PRIVACY Forum
Digest might be of significant interest to the readers of this list,
I have included today's Digest below.  My apologies to anyone who might
receive duplicate copies via other venues.

Lauren Weinstein
lauren@pfir.org or lauren@vortex.com
Co-Founder, PFIR: People for Internet Responsibility -
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy


PRIVACY Forum Digest      Thursday, 20 April 2000      Volume 09 : Issue


            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable & Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

         Massive Tracking of Web Users Planned -- Via ISPs!
            (Lauren Weinstein; PRIVACY Forum Moderator)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions
subject to editing.  Subscriptions are via an automatic list server
for subscription information, please send a message consisting of the
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous",
enter your e-mail address as the password.  The typical "README" and
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY
materials is also available through the Internet World Wide Web (WWW)
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

         "Have marshmallows got pits?"

              -- Shemp (Shemp Howard)
                 "All Gummed Up" (Columbia; 1947)

Date:    Thu, 20 Apr 2000 18:04:08 -0700 (PDT)
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Massive Tracking of Web Users Planned -- Via ISPs!


This is not a delayed April Fools' Day joke.  It's all too real, 
and I assume that you're already sitting down.  

Picture a world where information about your every move on the Web,
including the sites that you visit, the keywords that you enter into
engines, and so on, are all shipped off to a third party, with the
cooperation of your Internet Service Provider (ISP).  None of those
cookies to disable, no outside Web sites to put on block lists--just a
flow of data from your ISP to the unseen folks with the dollar signs (or
pound, yen, euro, or whatever signs) gleaming brightly in their eyes
the scenes.  You'll of course be told that your information is
and that you can trust everyone involved, that you'll derive immense
from such tracking, and that you have an (at least theoretical) opt-in
opt-out choice.

But just for some frosting on the cake, also picture that if you avail
yourself of the opportunity not to participate in such tracking (via
or opt-in choices), that you either cannot use the associated ISPs at
all, or
will be faced with paying significantly higher fees than persons who are
willing to play along with tracking.

As you have no doubt guessed by now, this is not a theoretical scenario.
We're on the verge of starting down the slippery slope to this end right
now, with the imminent operations of Predictive Networks
(http://www.predictivenetworks.com) and other similar businesses also in

When I recently learned about Predictive (which has apparently been
established for some time and seems to be well funded), I naturally
their Web site, which was sadly lacking in obvious specifics such as an
actual posted privacy policy.  (I've since been told that this is a
condition which will shortly be remedied.)  I spoke briefly with the
president and had a much more detailed chat with his V.P. for Business
Development, and received an e-mailed copy of their privacy privacy. 
of these fellows were polite, cordial, and willing to provide me with
information I desired about their plans.

Unfortunately, the more that I learned from these sources, the 
increasingly concerned I became.  

In brief, Predictive's business is to engage ISPs (not just "free" ISPs
where usage tracking has become typical, but conventional fee-based ISPs
well) in arrangements where the ISP will directly feed Web usage data to
Predictive.  The firm also claims to be working with Internet backbone
providers.  To quote from Predictive's privacy policy:

    "Predictive Networks uses Digital Silhouettes to match Internet
     and advertising with appropriate subscriber recipients.  As a
     subscribers receive information that appeals to their current needs
     interests.  To develop a Digital Silhouette, The Predictive Network
     analyzes URL click-stream data, such as web pages visited, and date
     time of visit.  URLs are then evaluated against more than 120
     and demographic categories, and assigned a score between zero and
     The resulting Digital Silhouette is simply an anonymous set of
     probabilities inferred from subscriber behavior.  URL histories are
     permanently stored and the data in the Digital Silhouette is not
     personally identifiable."


    "To provide subscribers with content most relevant to their current
     interests, The Predictive Network may retain key words from
     searches.  These key words are attached to the subscriber's
     Digital Silhouette and, like the Digital Silhouette itself, are not
     personally identifiable.  The Predictive Network also gathers data
     a subscribers' response to messages and content, which is used to
     fine-tune future messages and message format."

It is Predictive's contention that they do not maintain an ongoing
of sites visited (URLs), and that the Digital Silhouettes are maintained
an "anonymous" fashion--so they feel that there is no violation of

But outside of the fact that keyword search terms *themselves* can often
contain personally-identifiable or other sensitive data, also note from
Predictive privacy policy that:

    "To optimize the format of the content delivered to subscribers, the
     anonymous Digital Silhouette may include specifications about the
     subscriber's computer, such as processor type, browser plug-ins and
     available memory.  For some of our ISP partners, Predictive
     may provide a built-in dialer system.  Should an ISP select this
     option, The Predictive Network may require subscribers to furnish
     ISP user name and password.  This information will be used strictly
     account authentication purposes and will not be associated with the
     subscriber's anonymous Digital Silhouette.  Our ISP partners can
     the leverage the power of The Predictive Network for customer
     purposes.  Should a subscriber's ISP select this option, the ISP
     name may be matched with the Digital Silhouette ID number.  This
     allow The Predictive Network to send specific individuals important
     customer service information.  In addition, some subscribers may
     to have email service from their ISP.  Subscribers on The
     Network that choose this option may be required to supply
     Networks with their email address.  This information is used for
     notification only."

In other words, there is a variety of personally-identifiable
that you may need to provide to Predictive at various times, and you are
expected to trust Predictive not to purposely or accidentally misuse
data.  You also must trust that Predictive will not associate this
information with your "Digital Silhouette" in any manner--nor let anyone
else make such an association.  One wonders what would happen in the
face of
a court order to provide associated data for a civil or criminal
or investigation.

Most of the familiar problems we've seen in the past with so-called
"anonymous" tracking systems are present in this case.  Privacy policies
be changed at any time (e.g., the recent DoubleClick fiasco).  Detailed
that is theoretically discarded in the process of building "anonymous"
profiles could be preserved at any time, simply through software
alterations.  The very *existence* of these sorts of data collection and
tracking infrastructures is of great concern.  Even with the best of
intentions, the possibility for abuse is impossible to ignore--and as we
know there is a vacuum of laws to provide consumers with useful
in these areas.

Predictive claims that all of this effort is to bring better services to
Web users.  Their apparent view is that tracking people's usage to
out what sorts of ads to send them is far better than simply *asking*
to select the sorts of materials that they might wish to receive. 

Of course, whenever you use automated techniques to try figure out what
people want based on the Web sites they happen to visit, there is the
possibility of embarrassing errors.  For example, people may be suckered
pornography sites by misleading banner ads, and not be at all interested
receiving adult-oriented advertising.  Similar errors relating to other
topic areas can occur from any number of the inadvertent Web sites that
of us hit in the process of typical Web browsing.  Predictive will let
people see the profiles that have been built about them--but sometimes
have to *pay* for the privilege!  There are other interesting catches 
as well:

    "In developing our anonymous subscriber Digital Silhouettes,
     Networks captures, analyzes and then discards URL click-stream
     While we do not permanently retain a record of each subscriber's
     we can, upon request, make their Digital Silhouette available to
     for review.  Any subscriber on The Predictive Network has the right
     view their Digital Silhouette free of charge twice during the
     year.  Subscribers will be charged $50.00 per request thereafter.
     Subscribers can obtain a copy of their Digital Silhouette by
     Predictive Networks at silhouette@predictivenetworks.com.  The
     request must contain the subscriber's anonymous ID number, which
can be
     found on their computer by holding down the shift key and
     right-clicking on about.  The corresponding Digital Silhouette will
     emailed back to the subscriber within approximately ten business
     Subscriber should note that by emailing Predictive Networks, they
     be "identifying" themselves to the Company.  While we do not
     incorporate this information into our Digital Silhouettes, we do
     maintain a separate record of Digital Silhouette requests for
     accounting and billing purposes.  Should a subscriber object to any
     all of the information contained in their Digital Silhouette, they
     opt-out of The Predictive Network permanently, or opt-out and
     re-register, which will erase the existing Digital Silhouette and
     a new one.  Again, Predictive Networks urges subscribers to consult
     their Internet service provider before opting-out as doing so may
     affect their Internet service and/or their Internet service rate."

The last sentence above is of *special* interest to the question of how
"optional" this tracking really would be.  It is apparently Predictive's
intention to encourage ISPs, both free and the conventional fee-based
to partner with them to create new revenue streams for the ISPs (and for
Predictive, of course).  It would appear to be the plan that in most
any use of free ISPs who have associated themselves with Predictive
would be
predicated on your acceptance of the tracking.  You can opt-out, or
refuse to
opt-in, but then you can't use the ISP.  Not much of an option!  The
about the tracking may also be buried within an ISP's own privacy or
policy statements, making it even less likely that most people will ever
bother reading or understanding all of the detailed ramifications of
using these systems.

It also appears to be Predictive's intention to encourage fee-based ISPs
offer lower rates to users willing to be tracked.  This can rapidly
into a coercive situation where users who do not wish to participate in
tracking will be forced to pay ever higher rates simply to maintain the
level of privacy and non-tracking that they had in the first place (as
immortal Alice learned, "running faster and faster to stay in the same
place"...)  Can ISPs resist this temptation?  If not, the *fundamental*
structure of the Internet and Web will be permanently changed in a
that could make reasonably-priced, non-tracked Internet access a rapidly
fading memory, and make all of the abuse potentials of these tracking
technologies the status quo engrained within the Internet

After Predictive gets their privacy policy online at their Web site, I
everyone interested in these issues to read the entire text.  There are
other interesting sections, such as how they're dealing with the issue
tracking children under the age of 13 (vis-a-vis the new Federal Trade
Commission regulations on this topic).  Basically, Predictive says that
either must keep such children away from the computer, or must agree
it's OK for the children to be tracked.  It's all or nothing.

Predictive of course says that they are very concerned about privacy.
They told me that they're forming a "privacy advisory board"--and so on.

I have a different suggestion.  How about if the users of the Internet
World Wide Web, the millions and soon billions of individuals, take a
while we still have the opportunity?  We still have the chance to say
our personal information is our own and that our Web browsing behavior
private.  We may yet be able to successfully assert that we won't be
manipulated, coerced, or otherwise "bribed" into allowing our Web
to (as "The Prisoner" put it) be "pushed, filed, stamped, indexed,
debriefed, or numbered!"  

The Internet and Web have tremendous commercial potential.  But it can
achieved ethically and without the use of obnoxious technologies that
being shoved down our throats like feed for animals destined for the
table.  The firms who view the Internet as little more than a "cash cow"
already placing the software rings in our noses in an effort to see us
easier to manipulate and control. 

The stink of the slaughterhouse may not be far away.

Lauren Weinstein
lauren@pfir.org or lauren@vortex.com
Co-Founder, PFIR: People for Internet Responsibility -
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy


End of PRIVACY Forum Digest 09.13