Why opt out is such a cop out
Don't like being tracked? Just opt out, says the ad industry -- and then makes that process as onerous as humanly possible.
About a week ago I wrote a piece asking why RapLeaf, a data mining company with a controversial history, had failed to remove my personal profile from its database, despite my strong recollection of having opted out some two years ago.
With some help from RapLeaf, I finally figured out what happened: I did in fact opt out two years ago, but I did so using a different email address than the one attached to the profile I found last week.
First: Apologies to RapLeaf for implying that it does not honor opt out requests, which is a fairly serious charge for a data mining company these days. My bad. Tell the FTC to call off the hounds.
Second: This is a classic example of why opt out as a form of privacy protection is almost totally useless.
Now RapLeaf operates a little differently than most data mining companies on the Internet. It actually ties your identity, via your email address, to your data. So when you opt out of RapLeaf’s database, you do it across all devices and browsers at once.
Of course, if you’re a geek like me and have several working email addresses, you need to opt out of all of those addresses if you really don’t want RapLeaf building a profile of you.
That sounds bad, but it’s actually far better than how most Web tracking/data mining companies operate. They collect data anonymously (or pseudonymously), using browser cookies to identify you. That means if you want to opt out of being tracked, you have to do it for every browser on every device you use. Again, if you’re a geek like me, that means three or four browsers on my desktop and laptop, as well as browsers on my tablet and phone. And of course, whenever you get a new device, you have to do it all over again.
Wait, it gets worse. The Network Advertising Initiative offers a global opt out for 86 of its members. Check a box, click Opt Out, and you’re done. The Digital Advertising Alliance has its own opt out page listing some 480-odd tracking companies. But when you select global Opt Out there, it only works for 210 of them. If you want to opt out of the other 270 companies, you have to visit each of their Web sites, one at a time, and find the opt out link (if there is one).
And then do it for every single browser, on every device you own.
This is beyond onerous. You’d have to be an insane person (or writing a book about this) to go through that level of pain. And that is deliberate. There may be technical reasons why all of these companies can’t use the same opt out cookie, but the real reason is that nobody wants you to do it. They make twice as much money from delivering targeted ads than non-targeted ones. And the market for profile data that can be used for things other than advertising has barely been tapped.
There are a few other rather sizable problems with opting out of tracking. One is that, because the opt out mechanism relies on a third-party cookie, if you happen to clear out those cookies, you’ve essentially opted back in to tracking.
The other problem: Opting out of tracking is not the same as opting out of data collection. These companies will continue to hoover up data about you and your Web habits, they just won’t use it to send you targeted ads. What is less clear is whether these firms can collect profile data and use it for purposes other than advertising. That’s where the rubber really meets the road. I’ve been seeking an answer to that question, but I haven’t gotten one yet.
So, to summarize: Opting out is not a solution. Yet it is the only solution Web trackers are putting on the table. What’s wrong with this picture? Everything.
Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.
Now read this: