Me, My Privacy, Security and Identity on the Web – Part IV
In this blog post we’re going to make the transitional jump from the current Internet, to one that offers more of a choice when it comes to privacy. However before we make the leap it’s important to note – there’s no solution to privacy without trust. The second you share something with somebody else then trust has to be involved. The goal of any solution should be to offer increased levels of privacy based on increased levels of trust. And if the trust is abused, then provide a way for the user to restrict what they share.
Before we make the jump let’s revisit the issues with the current DNT standard. The goal is admirable – provide increased levels of privacy. As we will have to do with any “client – server” solution, we’ll have to rely on the trust worthiness of the content provider, be it a consumer Web site or an Enterprise portal. So by checking the box marked DNT in the browser we’re sending a message to the content provider that we do not wish to be tracked and that we trust that you’ll respect our wishes.
That’s all we’re doing – we have no control over any other aspect of the data that leaves the browser. Think of it like a train pulling out of the station – everything is the same except there’s a little flag hanging off the last coach that says to the next stop please don’t track me. We have to “hope” that the content provider will do the right thing. But what if they don’t? What’s our recourse – can we change anything about the data that was sent to them – to decrease the value of it? Nope. We can’t do a thing. We have no control and we lack a choice in how we want our browser data (fingerprints and cookies) to be respected.
If DNT was to stand a real chance of winning in the marketplace as a standard then the second we turned it on it would disable ALL third party cookies that come down to the device. That would be a huge step in the right direction because it starts to give us a choice in what goes on. So you have to ask yourself why isn’t this being done?
And in those immortal words “Follow the Money” you find the answer. The Internet is a business and in return for providing services for “free” there must be a way to re-coup the expenses. If DNT was to instantly block those 3rd party cookies there would be mayhem – companies have been built on access to customers data and disabling those cookies will collapse their businesses. So the DNT standard has been “engineered” so that this can be handled by the content provider and not the user. And as the Bard said – therein lies the trust, choice and privacy issue.
Without the ability for transparency then I have no way of verifying that there’s compliance. Try opening up your browser and figuring out which is a 3rd party cookie? You have no idea. And there’s absolutely no incentive to let you figure that out. On the contrary there’s a great incentive to “game the system” and not respect your privacy.
Think about it for a moment – if you had to spend thousands or millions of dollars to re-write how you Web server supported this new standard, and by doing so you stood to loose a lot of money, how fast do you think it would get done. (Especially if all it was, was a recommended spec).
At the root of the DNT standard is good old fashioned “Money”. I understand and respect that. After all you’re giving me something for free and in return I should give you something – right? Well yes, but wouldn’t be better if we could actually make the whole experience better? Sort of like adding an overdrive gear to the Internet. I’ll increase the value of what I share with you, if you increase the value of what you share with me and in doing so give me a better experience.
That seems like a far better use of my Privacy than the current approach.
Well I’ve run out of time on this post so in the next blog we’ll make the jump to offering something new for the Internet, something that allows you a choice and allows both you, and the content provider, to share in the value created by increased levels of trust.