Privacy, Trust and Profiling.

As anyone who’s been on the Internet for more than three years will remember, several early economic models for online publications, or “Content Providers”, were subscription based. The theory of operation was all those millions of content-starved ‘net users would be willing to pay for monthly access to high-quality production.

And for a few businesses focusing on specialized subject matter, this model can work. Net-based businesses providing everything from real-time stock-market data streams to high-quality medical and scientific research databases to good porn can be supported by paid subscribers. But even specialty providers, and certainly general news sites, have discovered that often the only way to attract an audience is to give your content away to anyone who wants it.

So, where’s the money made? For content sites, some revenue can be generated by way of banner ads, those ubiquitous flashing animated GIFs we’ve all learnt to ignore so successfully. But producing anywhere from $1 to (at best, and rarely) $30 per thousand “impressions”, banner ads are usually only a small percentage of the total revenue a site requires. Also, banner ad impressions are often traded with other sites as a way of gaining additional “eye balls”.

One of the largest providers of banner-advertising on the ‘net is DoubleClick.com, which serves a large percentage of the total ad traffic, and can be found on a large number of sites. What is interesting is DoubleClick collects non-personally identifiable data in order to be able to deliver targeted ads. This includes, but is not limited to, your IP, the server you’re browsing, sometimes the topics being browsed, and whether you clicked on a particular ad.

This wouldn’t be a concern, except for two things. First, DoubleClick have so much of the market they’re actually able to follow a large percentage of the total Internet browsing traffic around the net. Unlike a single web-site owner, who doesn’t have a clue where you’re browsing after leaving their site, DoubleClick gets regular updates as to where you’re browsing every time you encounter one of their ads. Second, if you release your personal information to a DoubleClick partner or owned company, suddenly the non-personal data can be correlated with you.

DoubleClick promise they’re only using this information to improve the browsing experience (read: deliver ads which you might have an interest in), and frankly, many people don’t care. Of course, they’re also not the only organization doing this type of profiling; Visa, Master Card and American Express have been doing such data-mining for years. The sole reason general retail “Air Miles” programs exist is to build accurate profiles on the consuming public.

Citizen’s rights groups have been raising privacy concerns, both in and out of cyberspace, for years. Recent hearings in the US again had rights advocates requesting regulation of personal data collection by organizations over the Internet. The organizations, on the other hand, say they’re doing a fine job of self-regulation.

Does it matter? Does anyone care? Many people, it seems, simply do not mind having accurate profiles built up about them. Anyone who uses an Air Miles card, for instance, is selling their profile data for a few percentage points. Charge card companies gain the same data whenever a purchase is made, and there’s a reason Radio Shack, amoung many others, ask you for your name and address every time you make a cash purchase.

But the Internet goes further, far beyond just purchases, all the way down to sites commonly visited, interests and even search terms submitted to search engines. For only one example, click on the “Shopping” link from www.AltaVista.com, and you’re immediately offered a chance to sign-up to get “points” while using the site. During the sign-up process, you’ve asked to submit a wide variety of personal information.

Gotcha. Now, while you spend the next six months trying to get enough points to qualify for a cheap MP3 player, AltaVista can now correlate everything you search for through their engine to you. Their Privacy Statement promises they won’t share this information with third parties unless you’ve said they can, but they’re certainly able to use this information themselves.

Can the consumer trust all the organizations out there collecting data, both big and small? Probably not. Although I’m not sure regulation will really help a great deal either. The Internet once again appears somewhat lawless, and travelers must take their privacy into their own hands.

While many won’t care, others will install cookie and banner-ad filters. Frankly, locally redirecting a few banner-ad providers’ DNS entries to a local web server, or examining a network snoop log of a browsing session, can be very enlighting. Or, take a look at a browser’s Cookie database. There is more information leakage than most realize, and there is no way to know if or how it’s being used.

Published in the Victoria Business Examiner.