At the FTC’s second Exploring Privacy roundtable at Berkeley in January, many of the complaints about online advertising centered on how difficult it was to control the settings for Adobe’s Flash player, which is used to display ads, videos and a wide variety on other graphic elements on most modern webpages, as well the potential for unscrupulous data collectors to “re-spawn” standard (HTTP) cookies even after a user deleted them simply by referencing the Flash cookie on a user’s computer from that domain—thus circumventing the user’s attempt to clear out their own cookies. Adobe to the first criticism by promising to include better privacy management features in Flash 10.1 and by condemning such re-spawning and calling for “a mix of technology tools and regulatory efforts” to deal with the problem (including FTC enforcement). (Adobe’s filing offers a great history of Flash, a summary of its use and an introduction to Flash Cookies, which Adam Marcus detailed here.)
Earlier this week (and less than three weeks later), Adobe rolled out Flash 10.1, which offers an ingenious solution to the problem of how to manage flash cookies: Flash now simply integrates its privacy controls with Internet Explorer, Firefox and Chrome (and will soon do so with Safari). So when the user turns on “private browsing mode” in these browser, the Flash Cookies will be stored only temporarily, allowing users to use the full functionality of the site, but the Flash Player will “automatically clear any data it might store during a private browsing session, helping to keep your history private.” That’s a pretty big step and an elegantly simple to the problem of how to empower users to take control of their own privacy. Moreover:
Flash Player separates the local storage used in normal browsing from the local storage used during private browsing. So when you enter private browsing mode, sites that you previously visited will not be able to see information they saved on your computer during normal browsing. For example, if you saved your login and password in a web application powered by Flash during normal browsing, the site won’t remember that information when you visit the site under private browsing, keeping your identity private.
Continue reading →
Chris Soghoian has responded to my recent post lauding his Targeted Advertising Cookie Opt-Out (or “TACO” – documented and downloadable here). We’re agreed in the main on user empowerment. The interesting stuff is on the margin: He disagrees with me that blocking third party cookies as I do (and he does too) is a satisfactory approach to suppressing tracking by advertisers.
There are a couple of points worth making about the discussion.
The first has to do with our slightly differing objectives. Chris is deeply focused on advertisers and his dislike of being tracked by advertisers. Though it is not absolute, I have a preference against tracking by anyone other than sites that I know, like, and trust. I’m no more worried about advertisers than any entity that would track my surfing – and there are many.
Again, TLF readers, I ask you to try setting your browser to query you before setting cookies. It’s a real insight into the dozens of entities getting a look at you as you surf, including a bunch of social networks and news sites.
If “advertisers” are what you seek to harness, that seems like a group that can be captured through some kind of centralized control mechanism. (I don’t think it actually is.) But if your goal is privacy as against all comers, you don’t attempt to centrally plan or decide who is good and who is bad. Responsibility rests with the end user.
Let the goal be “advertisers,” though. And I ask: Those social networks and news aggregators – are they “advertisers”? If you’re going to require a subset of Web communicators to obey opt-out cookies, you have to be able to define that subset – a problem Chris doesn’t seem to have thought about yet.
Lots of different publishers, sites, and networks have data that is entirely fungible with the tracking data advertisers collect. What do you get if you push down on the “officially advertisers” part of the balloon? Workarounds.
But I’ve backed into the second point – the means to these ends. Chris soft-pedals how he would get at tracking, but as far as I can tell it’s a law that says “advertisers” have to obey opt-out cookies. Continue reading →
The Progress & Freedom Foundation has just launched the new Center for Internet Freedom. CIF offers an alternative to the proliferation of advocacy groups calling for government intervention online by offering timely analyses and critiques of proposals that diminish the vital role of free markets, free speech and property rights. We aim to drive the Internet policy debate in new directions by emphasizing a layered approach of technological innovation, user education, user self-help, industry self-regulation, and the enforcement of existing laws consistent with the First Amendment. Such an approach is a less restrictive—and generally more effective—alternative to increased regulation.
Here are some of the issues I’ll be working on as CIF’s Director in conjunction with my esteemed colleagues Adam Thierer, Adam Marcus, and adjunct fellows:
- Defending online advertising as the lifeblood of online content & services, especially in the “Long Tail”;
- Emphasizing market solutions to problems of privacy protection, especially regarding the use of cookies and packet inspection data;
- Protecting online speech and expression both in the U.S. and abroad;
- Defending Section 230 immunity for Internet intermediaries;
- Opposing online taxation and legal barriers to e-commerce and digital payments, especially at the state and local levels; and
- Ensuring that Internet governance remains transparent and accountable without hampering the evolution of the Internet.
By Berin Szoka & Adam Thierer
Progress Snapshot 4.19 (PDF)
Since the fall of 2008, a debate has raged in Washington over “targeted online advertising,” an ominous-sounding shorthand for the customization of Internet ads to match the interests of users. Not only are these ads more relevant and therefore less annoying to Internet users than untargeted ads, they are more cost-effective to advertisers and more profitable to websites that sell ad space. While such “smarter” online advertising scares some—prompting comparisons to a corporate “Big Brother” spying on Internet users—it is also expected to fuel the rapid growth of Internet advertising revenues from $21.7 billion in 2007 to $50.3 billion in 2011-an annual growth rate of more than 24%. Since this growing revenue stream ultimately funds the free content and services that Internet users increasingly take for granted, policymakers should think very carefully about what’s really best for consumers before rushing to regulate an industry that has thrived for over a decade under a layered approach that combines technological “self-help” by privacy-wary consumers, consumer education, industry self-regulation, existing state privacy tort laws, and Federal Trade Commission (FTC) enforcement of corporate privacy policies.
In an upcoming PFF Special Report, we will address the many technical, economic, and legal aspects of this complicated policy issue-especially the possibility that regulation may unintentionally thwart market responses to the growing phenomenon of users blocking online ads.
We will also issue a three-part challenge to those who call for regulation of online advertising practices:
- Identify the harm or market failure that requires government intervention.
- Prove that there is no less restrictive alternative to regulation.
- Explain how the benefits of regulation outweigh its costs.
Continue reading →
Comments 
Posted in: Advertising & Marketing, Privacy Solutions, Privacy, Security & Government Surveillance 
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.
