We need higher privacy standards

Industry insiders defend Google's Safari hack and Path's phonebook theft as standard industry practices. We can -- and must -- do better than that.

There have been a couple of huge stories on the privacy front recently that point out a much bigger problem: How the biggest players in the tech industry treat our collective data as their own private plaything. To wit:

Privacy snafu #1. The Path to self destruction

Mobile social network Path was put through the meat grinder over the last two weeks after an app developer discovered Path was grabbing address books off its users’ phones and storing the data on its servers. 

The violent reaction to Path’s purloining of user phonebooks surprised non-journalist Michael Arrington, who called it an “industry standard” practice:

…this ongoing Path story has definitely surprised me. Partly because I’ve never seen a single company take such a staggering hit for doing something that, while wrong, is quite clearly industry practice. If you’ve used a mobile social app that suggested friends to you, it almost certainly uploaded your address book, and almost certainly did it without your permission.

Sure enough, it seems Facebook, Twitter, FourSquare, Yelp, Instragram and other massively popular mobile apps do or did much the same thing – and, until the controversy over Path blew up, mostly on the QT. Path immediately rolled over and said it would stop doing that. Most of the other apps hastily cobbled together some consent screens that more clearly described what they were doing.

Some blamed Apple for letting this happen, thanks to an API that allowed developers to dip into people’s phones and scoop out their address books, despite the fact Apple’s guidelines specifically prohibit this practice.

Apparently giving app developers access to users’ phonebooks is like leaving Rosie alone with a plate full of Girl Scout Cookies. Is it really their fault they lack all self control?

Privacy snafu #2. Google goes on Safari

Stanford researcher Jonathan Mayer revealed that Google was deliberately bypassing default privacy settings in Apple’s Safari browser to deposit third-party tracking cookies, and three other major ad networks followed suit, according to a report in the Wall Street Journal.

John Battelle, founder of online ad company Federated Media, questioned whether Google was in the wrong for following “common Web practice.”

Google circumvented Safari’s default settings by using some trickery described in this WSJ blog post, which reports the main reason Google did what it did was so that it could know if a user was a Google+ member, and if so (or even if not so), it could show that user Google+ enhanced ads via AdSense.

In short, Apple’s mobile version of Safari broke with common web practice,  and as a result, it broke Google’s normal approach to engaging with consumers. Was Google’s “normal approach” wrong? Well, I suppose that’s a debate worth having – it’s currently standard practice and the backbone of the entire web advertising ecosystem –  but the Journal doesn’t bother to go into those details. One can debate whether setting cookies should happen by default – but the fact is, that’s how it’s done on the open web.

Amazingly, other big Web 2.0 thinkers like Tim O’Reilly agreed with Battelle.

In other words, it’s ok for Google to circumvent users’ privacy settings because a) it was Safari’s default setting, not truly users’ choice, and thus doesn’t really count, and b) everyone else does it.

I know Google is good, but please tell me: When did it develop the ability to read peoples’ minds? Because if my browser is set to reject third-party cookies, there is no other way for Google to know whether that decision was mine or the company that wrote the browser code. And it doesn’t matter. It’s my browser setting. End of discussion.

Does anyone else here really want an Internet where the most powerful companies do whatever they damned well please until they get caught, then deny they did anything wrong and promise to never do it again (until the next time they get caught)?

If these two things – grabbing people’s mobile phonebooks and dropping tracking cookies on their devices without consent – are standard practices, then one thing is clear: We need higher standards than that.

To paraphrase the old R&B classic, if this is how it feels to be right, I’d rather be wrong.

Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynan_on_tech. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon