Privacy: My Expectations vs.. My Reality
by Peter
I’m going to start this post with a famous quote from Wernher von Braun – you can recover from a production flaw but never from a design flaw.
Right now there’s lots of activity in the Privacy space (note that I say activity vs. outcome). There’s an initiative by regulators to reign in what they feel is invasive behavior by both content providers and carriers as it relates to your privacy, and there’s also an initiative by the W3 to introduce a “Do Not Track” preference in the browser.
All of these activities hinge around really defining what Privacy means to “Me”. As you can imagine everyone has an opinion on what it should be. For the purpose of this blog post lets keep it really simple – let’s go with the W3 initiative of a “binary solution”. If my browser sends a 1 then I don’t want to be tracked and if it sends a 0 then I consent to being tracked.
Ok, that’s really simple. And consequently my expectation is also very simple – if I send a 1 then I “expect” not to be tracked in any way shape or form. In fact I actually expect my browser to block any method a Web site may try to use to track me. For example – the second I set my Privacy preference to “Do Not Track” I expect all 3rd party cookies to be blocked. In fact you could also make the case that I don’t want any cookies on my device.
And herein lies the problem and the reason for Wernher’s quote. The Web was designed to track. Because I cannot ever know my real time device capabilities there had to be a mechanism by which a Web site could “remember” you. Welcome to cookies.
Here’s Wikipedias definition of cookies:
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data on the user’s computer.Cookies cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities—a major privacy concern that prompted European and US law makers to take action. Cookie data can also be illicitly disclosed by hackers to gain access to a victim’s web account.
Remember HTTP is a stateless protocol – and the only way you can “CURRENTLY” add state is via a cookie. Cookies are required for just about everything these days. Imagine trying to buy something on the Web without the ability to use a cookie. It would be impossible.
So setting a binary preference for my privacy is very well intentioned, however the reality is going to be something that I wasn’t expecting. The very method that currently makes the Internet experience work is the one that is causing the problem. An incredible amount of money has been invested in keeping the status quo. In fact you can almost imagine that any Privacy initiative will fail simply because of the amount that must be invested by content providers to change the way they’ve been doing business.
Which leads me to the title of my next blog post – The Innovators Dilemma – Improving the Internet so I have a choice in how it recognizes me.