To worry is to be. To be is to worry.

Technology Rant

Match: Any word   All words
Note: Searches will not find words, such as 'technology', that appear in more than half of the articles or words less than four letters long.

By Joel Klebanoff

Surfing Naked

Do you surf naked? Don't get me wrong. I'm not asking if you literally surf nor am I inquiring as to whether you're usually in the buff when and if you do. I'm not now nor have I ever been a surfer, but I imagine that taking a tumble on a surfboard while naked could be quite painful and, if you're a male, possibly a gender-changing experience. What I was wondering is whether you expose yourself while surfing on the Web. No, wait. That didn't come out right either. What I meant was, when you're browsing the Internet do you make private bits of information about yourself available to strangers? If you think the answer is "no," you're probably wrong.

As a public service, before I get into this week's rant, I'm going to go off on a brief tangent. If you usually are, in fact, literally naked while connected to the Internet, you might want to unplug your Webcam unless you're an exhibitionist. Back in 2004, Sophos, a security software supplier, warned of a worm (an electronic invader, not an invertebrate that slithers along sidewalks just begging to be stepped on after a rain) that allows an attacker to take over your computer and sneak a peek through your Webcam, even if you think that the camera is not broadcasting at the time. So, beware. You never know when a dirty old man might be lurking on the Web. Of course, I'm not referring to myself. I have no idea how to hack into a Webcam.

Before I get back to my intended topic, please allow me a few moments while I compose myself after having formed a mental image of you surfing naked. Just as an aside, some of you might consider spending more time working out. It's only a suggestion. I, for one, can feel comfortable continuing in my sedentary ways because I don't have a Webcam.

Note to the people at MC Press: Maybe you were right. Maybe I am incorrigible.

OK, I'm once again focused on the matter at hand, so let's steer back to what I wanted to babble on incessantly about…er, uh, I mean, write cleverly about. There's a lot more information about you out on the Web than you might think. For example, on August 9, 2006, The New York Times and a number of other news outlets ran a story about AOL's release of the details on 20 million Web searches that had been performed on its site. Anyone and everyone who wanted that information could access it.

AOL thought it had maintained people's anonymity because it didn't release searchers' names. Instead, each searcher was identified by a number. Oh, well then, no problem, you say? It wasn't an invasion of privacy because there was no way to tie searches to a specific person, right? Well, in the cases of most searchers, you'd be right, but that wasn't true for everyone. Someone (the article didn't make it clear if it was one of The New York Times' reporters) was able to track down a searcher using only her search terms. For instance, she searched for landscapers in her hometown and for information about real estate values surrounding her house, among other queries that helped to narrow down her identity. Needless to say, the searcher was surprised when confronted and asked if she had performed those searchers. And, yes, she did recognize them as hers.

It's easy to imagine some of the harm that could result from the misuse of this information as it could lead someone to the wrong conclusions. For example, if I had seen, without any explanation, some of the queries the searcher performed, my first reaction would have been to dispatch an ambulance urgently. Or, because some time had elapsed between the searches being performed and the information being made public, it might have been more appropriate to send out the coroner. You see, the searcher likes to do research on the diseases that elderly friends reveal they have. Consequently, assuming that the searcher has every ailment she entered into the AOL search screen would lead you to believe that she is an exceptionally sick person.

For many of us, one of the reasons why we prefer privacy is simply that we'd like, as a personal choice, to keep some information about us confidential. Yes, I know that's a tautology. Nonetheless, the failure of a company to live up to privacy expectations is a concern simply because, as the tautology suggests, it fails to respect our wishes, but there are other, more serious, issues. A health or life insurance company that got hold of the searcher's information might mistakenly deny her coverage. Furthermore, neighbors and friends who are squeamish about other people's medical problems might shun her.

The release of the AOL information turned out to be a serious mistake. At least, that's what the company said after the fact. The AOL group that put the data on the Web did so intentionally in the belief that it would benefit academic researchers, but the company claimed that the group had not been authorized to release the data. AOL apologized and removed the data. However, the Web being what it is, there are apparently still copies of it available elsewhere.

Thanks to the hell that was raised over its actions, it's unlikely that AOL or any other search site will repeat that mistake anytime soon. They may store the information for internal use, but none of them will be so foolish ever again, at least not for the few months that have to elapse before the media and the public forget about the incident. Nevertheless, even if that sort of information is never released publicly again, who knows if it will be made available privately, on a case-by-case basis, to other organizations or to the search firms' own marketers—or to some malevolent hacker?

I'm probably just being paranoid. Most of us aren't anyone special. Who would ever be interested in using personal information about us? Actually, a lot of people would if you believe an August 15 New York Times story. The article mentioned that Yahoo has a sophisticated computer system that analyzes what you do on its sites—what you read, what you search for, what ads you click on, etc. It uses that information to show you ads that they think will be of interest to you. For example, according to the article, if you search for "hybrid cars," Yahoo classifies you as "Consciously Cruising." If you click on an ad for a moving van, you're labeled as "Home Hopping." After they've pigeonholed you, a higher proportion of the ads you view when you surf Yahoo sites will be particularly relevant to you and your peer groups.

One thing that I found amazing is that Yahoo collects information on 300 different behaviors. Jeez. I didn't know there were 300 different behaviors! I can think of only two, good and bad. Even that could still be useful. Limiting the behavior taxonomy to just "good" and "bad" could be used to determine whether you're shown ads for porn sites or for upstanding charities. I'll leave it up to you to figure out who would see which and what constitutes good versus bad behavior.

Sure, companies collect information about us that we might prefer to be kept confidential, but you're safe if you stick to surfing sites of reputable companies, right? After all, they post privacy policies and, being reputable, they adhere to those policies. Maybe, but consider this: At one time, Enron and WorldCom were considered to be reputable companies. Yet that's probably not the biggest problem. Left-wing conspiracy theories aside, most major corporations are fairly responsible. They probably do try to stick to their privacy policies, but how often do you bother to read the typically long and full-of-legalese privacy policies of the myriad sites you visit? That's what I thought. Me too. So how do you know that you'd be happy with the privacy policies that reputable companies are adhering to?

Like AOL, Google stores information about all searches made through its engine. But don't worry; it has a privacy policy. By the way, that policy specifically states that Google "may share information with third parties in limited circumstances, including when complying with legal process, preventing fraud or imminent harm." Remember, "including" isn't a synonym for "exclusively." So what other circumstances might be included in those "limited circumstances?" The privacy policy doesn't say.

This is not a new concern. Years ago, and still today, marketing gurus touted the concept of "one-to-one marketing." The idea then, as now, was that marketers should use the information they have about you to send you promotions that will be of specific interest to you. The difference between then and now is that when one-to-one marketing was first being promoted, the tools that marketers had to collect and use personal information weren't nearly as powerful.

The tools may have changed, but the issues haven't. The deal that one-to-one marketers wanted to make with us went something like this: We would give them a whole whack of personal information and they, in turn, would use that information to send us only promotions relevant to us, rather than junk mail. That doesn't sound like a bad a tradeoff. There's just one problem. It never quite worked as promised.

Today, a lot of companies have a great deal more information about me than I'd like them to have, but my old-time mailbox is still regularly filled with junk mail. The biggest difference as far as I can see is that it's no longer just my physical mailbox that fills up with junk. Now I also have to have a broadband Internet connection to handle all of the spam that pours through the electron pipes.

Another difference between now and then is that the web (pun intended) of information is much wider and more subtle today. Who knew that Google and the other search engines were storing information about all of the searches we perform? Until I read the New York Times articles, I honestly had no idea that was happening. And they're not keeping solely aggregate information. I'd have no problem with that. No, they store detailed information about individual searches. They assign an ID to each search so they can correlate all searches for an individual. And if a search is performed by someone who signed up for one of the company's other programs, such as a free email account, the search company can tie that search to a specific name and email address.

When I learned that search engine data collection was going on, my first reaction was uh-oh. I started remembering all of the searches I had performed to research these columns alone. Keep in mind that I've written articles on spam that's used to promote male enhancement products, porn that's displayed on iPods, anti-terrorist technologies employed at airports, some Pentagon high-tech programs that are intended to create robotic and cyber-enhanced soldiers, and more. Given everything that Google, my search engine of choice, knows about me, I think I can kiss goodbye any dream I may have of ever working there once it takes a gander at my search history.

Here's a little idea I had to get back at these snoops. A whole group of us should get on the Internet and start doing searches like "Internet privacy lawsuit," "crackerjack privacy lawyer with billion-dollar settlements," "privacy and consumer boycotts," and "how to drive Internet snoops bankrupt." That ought to make them more than a little nervous when they analyze the data.

This article originally appeared as part of a weekly series of "Tech Tirades" in MC TNT from MC Press Online. The first year's worth of Tech Tirades does not appear here. Instead, you can find them in BYTE-ing Satire.

Home About Book Technology Rants Contact Blog
Political Blog
© Copyright 2005 - , Klebanoff Associates, Inc.  All rights reserved.