IE9 privacy features

Lorrie Cranor has a nice blog post on the new privacy features of IE9.

Online shopping, privacy, tracking and me on tv

KDKA news, in Pittsburgh, did an article on the FTC’s new ‘Do Not Track’ List proposal.

The exciting news is that I have a silent role in the video as a “shopper” and I’m using Ghostery.

The Boucher Bill

Behavioral advertising and the online collection of personally identifiable information have been major issues of late. I previously blogged about behavioral advertising and the different ways online advertisers can track you as you move around the internet. But behavioral advertisers aren’t the only source of concern.

Large social networking sites have access to a bewildering amount of personally identifiable and potentially very private data. Sure, they have privacy policies in which they claim to respect your privacy, but most of the policies also state that the company can change its privacy policy at any time and that the new policy immediately applies to all existing data they have on you. The EFF recently posted a nice time lapse of Facebook’s privacy policy changes from 2005 to 2010, and the New York Times recently showed that the current Facebook privacy policy is longer than the US Constitution. Amongst its many clauses are that other websites are automatically given access to your data when you use Facebook Connect, that developers can store your data indefinitely, and that any applications your friends use have the right to access and store your data too.

The Boucher Bill is an attempt by lawmakers to force organizations that collect data online and off to obtain informed consent from their consumers. The Information Law Group has an excellent breakdown of the Boucher Bill which is definitely worth a read.

Some major points from the bill:

  • Organizations need to provide privacy policies, but they can assume that users who use the service have implicitly consented to the policy (opt-out).
  • The bill requires companies to have users opt in to major privacy policy changes.
  • Express affirmative consent (opt-in) must be obtained before personal data can be sold to other organizations.
  • Organizations can share personally identifiable information with parents and affiliates without notifying users, provided the information is not used for marketing purposes.
  • Organizations must provide the policy and get express consent (opt-in) from customers before collecting any sensitive information such as medical information.
  • Consumers must opt in to any sharing of location information.
  • Organizations cannot collect information about consumers’ browsing behavior across sites unless they obtain express consent from the consumer before collecting the information (opt-in).
  • Organizations collecting information from fewer than 5,000 people per year are exempt.

Update: The CDT has a set of comments on the Boucher Bill.

Behavioral Advertising

Behavioral advertising is used by groups, such as online advertisers, to track users as they move around the internet. This method allows third parties to infer and learn significant amounts of information about users and their browsing habits. Members of my research lab, CUPS, have studied how users perceive the issues surrounding behavioral advertising.

Researchers in the Computer Science Department at Worcester Polytechnic Institute are interested in educating users about what information their browsers share with the web pages they visit. They set up a web page called What They Know where users can go to see what information they are broadcasting. Visitors can also see the trends from past visitors.

Update: EFF has a site you can visit which shows the identifiable information your browser broadcasts to every site you visit.

Update: What They Know has published a report of their findings.