When 'anonymous' data isn't anonymous
What do Web trackers do when the 'anonymous' data they gather reveals your identity? They redefine the word "anonymous."
Last Saturday the Wall Street Journal published another great article in its “What They Know” series on Internet privacy, which has been nominated for a Pulitzer (and rightly so). This one was about what both click and brick retailers know about you when you go shopping. If you care a whit about your personal privacy, you should read this story.
It starts with a guy named Andy Morar in Atlanta. He’s shopping for a high-end SUV online, so he decides to send his name and contact information to a local BMW dealership. Unbeknownst to Morar, however, his data is also shared with a Web tracking company called Dataium LLC, which sends the dealership a tidy summary of where else Morar has been shopping for a car on the Web.
That’s not the worst part. Here’s what Dataium told WSJ reporters Jennier Valentino-Devries and Jeremy Singer-Vine when they called.
Dataium said that shoppers' Web browsing is still anonymous, even though it can be tied to their names. The reason: Dataium does not give dealers click-by-click details of people's Web surfing history but rather an analysis of their interests.
1: of unknown authorship or origin <an anonymous tip>
2: not named or identified <an anonymous author> <they wish to remain anonymous>
3: lacking individuality, distinction, or recognizability <the anonymous faces in the crowd> <the gray anonymous streets — William Styron>
See anything in there about anonymity = knowing someone’s name? Me neither. This truly astounding quote tells you everything you need to know about why the online tracking industry desperately needs intervention from a higher power.
For years, online advertisers have been playing an Orwellian game with the language, attempting to redefine terms like “opt in” and “do not track.” Now they’re trying to change what “anonymous” means. And Dataium is hardly alone.
The WSJ tested 50 top sites to see what kinds of information they shared with third party tracking, analytics, and advertising companies. A dozen of them shared email addresses or full names (including, interestingly enough, the Journal’s own site.) The journal also looked at 20 sites that deal with sensitive information – like dating services, medical information, or sites catering to kids. Nine of them shared identifying information with third parties.
For an interactive (and easier to read) version of this chart, click here.
The problem? Per the Journal:
In the past, tracking companies and retailers had a tougher time identifying online users. Today, a single Web page can contain computer code from dozens of different ad companies or tracking firms. These separate chunks of code often share information with each other. For example: If, like Mr. Morar the car-shopper, you give your name to a website, it can sometimes be seen by other companies with ads or special coding on the site.
It's so easy to share such information that many of the sites the Journal contacted said they were doing so accidentally. The problem is easy to solve, but it has persisted for years.
Naturally, the sites that share this information invariably rely on one of two defenses: The information is gathered anonymously (even when it isn’t) or the sites that receive this information don’t use the non-anonymous data.
Or, like Dataium, they just redefine the word “anonymous.”
Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.
Now read this: