Most consumers are concerned about online privacy and behavioral profiling. Recently, KnowPrivacy, a research project, published a report that looked at the 50 most visited websites to better understand disclosures about the types of data collected about users, how that information is used, and with whom it is shared. Their research on privacy policies revealed that most of these top websites collect information about users and use it for customized advertising, but contained unclear statements about data retention and the purchase of data about users from other sources. While most of these websites had privacy policies saying that information would not be shared with third parties, many allowed third-party tracking through web bugs, essentially the same thing.
Further, most privacy policies also stated that information could be shared with affiliates. For these 50 most visited websites, the average number of affiliates was 297. Most users do not know and cannot learn the affiliates with which websites may share information.
Most of us are concerned about websites collecting information about us and using it for behavioral advertising. Further, we desire control over the collection and use of information about us, but we lack the knowledge and understanding about data collection practices and policies.
This paper outlines the ways in which websites collect data from consumers, and what they do with it.
Normal Website Tracking
When you visit any website, the website’s server automatically collects information about you, including your IP address, web browser, type of operating system, webpage visited, referring page, and the visit time. A cookie is used to keep track of you as you visit various pages on a website. A cookie is a text file that is installed on your machine which usually contains a unique identifying number. Some cookies are temporary and some may be saved on your hard drive and used for multiple visits.
Third Party Tracking: Cookies and Web Bugs
Many websites are supported financially by advertising, and usually these ads are not served directly from the website itself, but from advertisers. These advertisers can place a cookie on your machine. Since advertisers place ads on multiple sites, this cookie allows the advertiser to observe your behavior across many sites.
However, web bugs are a type of third-party tracking that is completely invisible to the user. Web bugs allow third parties that do not serve ads to place cookies on your browser and track your navigation across the web. Web bugs are embedded in a web page’s HTML code, and are typically a small graphic embedded in the page that monitors who is reading the page. Ad networks use web bugs to create a profile of what sites you are visiting. This personal profile allows the network to track your behavior across many sites over time. Web bugs can track the IP address of your computer, the web page content, the visit time, your browser type, and previously set cookie values.
How Website Use Your Information
Website owners use this information they compile about you for various purposes, such as developing and improving their websites. Or they can customize a website to your individual taste. An e-commerce site such as Amazon can make product recommendations based on previous purchases or deliver targeted ads. Many of these uses are benefits actively sought by consumers.
However, websites also sell personal data about you to third parties. Websites share this data with marketing partners or corporate affiliates, which means that your behavior may be profiled not only by sites you have visited, but also by other entities with which these sites share this information. Many websites’ privacy policies stated that they do not share data with third parties, but many allow third parties to track user behavior directly through the use of web bugs.
Websites also purchase more data about you to build better profiles. Some companies, such as ChoicePoint, exclusively sell personal information. These data brokers acquire information from phone books, court documents, voter registries, and other public records. These brokers have websites where much of this information can be found and purchased by anyone. About a quarter of the top 50 websites expressly stated that they buy information about users from third parties to supplement data they collected directly from their users.
Why Privacy Policies Don’t Work
Originally, website privacy policies were an attempt to create transparency so that users could make informed decisions about which sites they use based on the site’s data collection practices. However, most users do not even read privacy policies, which have led to few changes to data collection practices.
Here’s why current privacy polices don’t work:
- Privacy policies are hard to read. Most privacy policies are written in legal language that is hard to understand, so we usually don’t even read them.
- Privacy policies sound like they are protecting user’s privacy. Most users believe they do not have to read privacy policies, because the mere presence of them implies a level of (often false) privacy protection.
- It takes too long to read privacy policies. If we all actually read privacy policies, it would take us more than 200 hours to read all the policies for all the websites we visit in a year.
- Most privacy policies sound the same, so it is difficult for us to make informed choices. Most websites collect computer and click stream data, as well as contact and uniquely identifying information. Also, many website policies are vague about what they collect and what they do with it. Because they are all equally poor, we don’t know what other options we have.
- Oftentimes, we don’t really care about our privacy. Most consumers are not aware of the dangers they face from online privacy violation. And even when we are concerned, it is difficult to evaluate the policies of different websites.
How You Can Protect Your Online Privacy
Right now, the technology of the advertisers has gotten ahead of most defenses that web browsers have been able to establish. However, there are a few things that you can do.
One thing you can to protect your online privacy against web bugs is to disable third-party cookies, which limits the types of information advertisers can collect. However, this does not remove the web bug itself, since it is part of a web page and not a cookie. Removing cookies prevents the tracker from identifying you as an individual user, but the web bug can still track navigation data using your IP address.