Monday, September 13, 2010

Online privacy is more complicated than many realize

Paul Rubin of the Wall Street Journal wrote a piece discussing 10 of the most dangerous myths about privacy online. I have to admit that I hadn't thought of a couple of them. Several of them are related, and if policy is decided based on any of them it could have serious effect on the way we experience life online. I'm going to look at the first five myths today, and the second five tomorrow.

Rubin's first five myths:

1. Privacy is free. It is not possible to gain more privacy without losing something. The more privacy, the less information available for websites to market to advertisers, the fewer targeted ads and the less targeted content, and the less efficiently websites can serve their customers. Information is the oil of marketing, as much on the web as in the real world. The less information, the less efficiently the engine runs.

2. If there are costs of privacy, they are borne by companies Facebook has made a business model out of proving this one wrong. The more information Facebook gathers, the more personalised the site can be for each user, the more able Facebook is to connect you to people you knwo, and the more targeted ads can be, so Facebook can offer advertisers blocks of users who match their target demographic extremely closely, which means more money to improve services for users. Total privacy isn't desirable, even if it was possible. As noted in myth 1, information is essential to the smooth running of the internet as we know it. But total sharing of information isn't desirable, either.

3. If consumers have less control over information, then firms must gain and consumers must lose. See above. Information makes it possible for businesses to tailor their online offerings to site visitors. Imagine Facebook if it didn't gather any information. The experience would be totally different, and it wouldn't have half a billion users.

4. Information use is "all or nothing" The assumption is that businesses will continue to operate and offer services even without the information they currently gather. That may be true, but services may suffer. I liked the example Paul used:

For example, search engines can better target searches if they know what searchers are looking for. (Google's "Did you mean . . ." to correct typos is a familiar example.) Keeping a past history of searches provides exactly this information. Shorter retained search histories mean less effective targeting.

We may not realize how much we rely on targeted searches, but I remember when searching for "black hair care" had porn sites for the first five results, and that was not what I was looking for.

5. If consumers have less privacy, then someone will know things about them that they may want to keep secret. I don't entirely agree with Paul on this one. He says:

Most information is used anonymously. To the extent that things are "known" about consumers, they are known by computers. This notion is counterintuitive; we are not used to the concept that something can be known and at the same time no person knows it. But this is true of much online information.

He's right, to a point. But it has been shown several times that it is impossible to truly anonymize personal information and still have it be useful, and even anonymized information can be used to find someone. All it takes is a birthdate, gender and zip to allow most people to be identified. Gender plus age plus zip code will narrow it down within a few hundred people or less. And social networks allow individuals to put any and everything about themselves online for the world to see. There does need to be some regulation. Privacy is important. So is a businesses ability to gather information about it's customers so it can better serve them. But there should be a limit to what businesses can gather.

See the next five myths tomorrow.