In other words, you don't have to visit Mancrunch.com for Facebook to know you're gay, or Marlboro.com for advertisers to detect your nicotine addiction. They'll buy that information for pennies from a data broker who inferred those conclusions based on other things you've done online.
3. Weblining for fun and profit
So a Web tracker knows you're gay and you smoke, but doesn't know your name or other personal information. What's the harm?
If you've ever applied for a job, a loan, insurance, or just about anything else in the past couple of years, you probably started by going online and filling out a form. The site where you did that could easily have access to one of your profiles. If you've been tagged as a gay smoker by some data mining company, the employer or the bank won't have to ask you if you enjoy the occasional puff – they'll already know.
Some online banks are already starting to use Facebook profiles as a way to identify poor credit risks. If your friends are deadbeats – or at least, fit the profile of likely deadbeats – you probably are one too. Why risk it, when it's safer to just issue an immediate rejection?
In the real world, refusing to sell insurance or offer loans to residents of certain neighborhoods – typically containing a high percentage of minorities -- is called “redlining.” It's illegal, though difficult to prove. Online it's called “Weblining.” Aside from some regulated industries (like health and financial), Weblining is not illegal. And proving it? Good luck.
This isn't just theoretical whining from privacy nut-jobs. Both the Network Advertising Initiative and the Digital Advertising Alliance have agreed to not collect or use tracking information “for the purpose of making an adverse determination of a consumer’s eligibility for employment, credit standing, health care treatment and/or insurance underwriting.”
Bravo to the NAI and DAA for pro-actively adopting those restrictions. But these principles are voluntary and only apply to NAI and DAA members. What about the 600+ tracking companies that aren't members of the NAI or the DAA? What are they going to do with your data? Who's watching them? Who's going to stop them?