The science of internet privacy

Targeted advertising, tracking data pose biggest threats

The Internet has developed into an increasingly paramount threat to personal security, and several major web companies have started to take actions to bolster the privacy of their users. The federal government also has stepped in, pressuring other web companies to take steps to protect the privacy of individuals on the web.

"The majority of people have no idea about the implications of revealing their personal information online," Computer Science Prof. Alfred Weaver said. Weaver, who conducts research about Internet privacy and security, is quick to point out that very few people read privacy policies and that most instinctively click "Agree" when presented with an end-user license agreement. He believes most people only think about online privacy when their personal information is exploited in some way.

"There are a lot of ways to share information without intent on the web," fourth-year graduate Engineering student Pieter Hooimeijer said. Hooimeijer researches Facebook privacy and security, and recognizes that personal information can be obtained even without a person's knowledge or explicit permission. For example, Hooimeijer said "many smartphones embed location information in every picture taken [and] if you put those pictures on the web, you're giving away your location."

Microsoft Internet Explorer 9, the next iteration of the most widely used web browser, will include multiple privacy features when it officially is released in the coming months. One such feature is a do-not-track tool, which informs websites that the user does not want his data to be tracked. This tool only will work, however, if data tracking companies respect people's wishes. Mozilla Firefox, the second most popular Internet browser, will include a similar tool in its newest version.

Both Weaver and Hooimeijer believe that the new privacy features will have only a minor impact on online privacy. Weaver added that any tool which blocks certain companies from tracking users will be only moderately effective, since tracking companies simply will find a way around it.

The federal government is also getting involved in Internet privacy. The Wall Street Journal reported Feb. 25 that "last month ... the Obama administration called for an online 'privacy bill of rights' focused on the commercial data-gathering industry." The same report also notes that recently "the [Federal Trade Commission] called for the creation of a do-not-track system." Weaver said such government intervention is inevitable.

It is unclear who is responsible for protecting a user's privacy online. Is it web browsers', websites' or a user's responsibility to safeguard online privacy?

"The majority of the [responsibility] lies with websites," said Jeremy Liu , a third-year math and computer science major. Liu did add, however, that users do bear some responsibility in protecting their personal information. Liu points out that by "by being prudent about what information they make public," people can strengthen their sense of online privacy.

Weaver believes that users, websites and web browsers share the responsibility of protecting personal information online equally. In his opinion, users have an individual responsibility to be careful about what personal data they post online. In addition, he believes web browsers should take steps to ensure that they aren't "leaving users open" to an online privacy breach.

The lack of control of personal data is evident in the precision with which advertisers can target specific users on the web. Through the use of third party cookies, ad agencies are able to put together a partial browsing history for people who visit multiple websites with which they are affiliated.

Tracking data about visitors or allowing an ad agency to do so allows websites to charge more for ads. And for many websites, ad revenue is the only source of income. The Wall Street Journal reported Nov. 5 that the "online advertising industry has argued that putting the onus on Internet users to explicitly grant consent for websites to use personal data ... would hit the industry hard. It would reduce the number of Internet users receiving targeted advertising and thereby, they argue, deprive them of free services." There is no denying that online advertisement is a big business that grows every year. $4.7 billion has been invested into 356 online ad firms since 2007, according to Dow Jones VentureSource, a subsidiary of NewsCorp.

When asked what he thought the biggest threat to personal privacy online is, Hooimeijer responded that it's "ever more precisely targeted advertising". He points out that "from a technical standpoint, user tracking across websites has become easier over the last few years, not harder," which only will lead to more intimately targeted ads.

Some web companies, such as Facebook, are taking steps to provide greater transparency about how they use personal information collected about their users. Facebook officially announced Feb. 25 that it will create "a new privacy policy written for regular people."

Privacy is becoming a relic of the past at the same rate that the web is becoming ingrained in our lives. Regardless of whether new web browser privacy features or rewritten privacy policies are effective, it is reassuring to see prominent web companies working to enhance the privacy of users.

related stories