Free Data and Goliath by Bruce Schneier
Authors: Bruce Schneier
more hundreds of tattletale little brothers.
Today, Internet surveillance is far more insistent than cookies. In fact, there’s
a minor arms race going on. Your browser—yes, even Google Chrome—has extensive controls
to block or delete cookies, and many people enable those features. DoNotTrackMe is
one of the most popular browser plug-ins. The Internet surveillance industry has responded
with “flash cookies”—basically, cookie-like files that are stored with Adobe’s Flash
player and remain when browsers delete their cookies. To block those, you can install
FlashBlock. But there are other ways to uniquely track you, with esoteric names like
evercookies, canvas fingerprinting, and cookie synching. It’s not just marketers;
in 2014, researchers found that the White House website used evercookies, in violation
of its own privacy policy. I’ll give some advice about blocking web surveillance in
Chapter 15.
Cookies are inherently anonymous, but companies are increasingly able to correlate
them with other information that positively identifies us. You identify yourself willingly
to lots of Internet services. Often you do this with only a username, but increasingly
usernames can be tied to your real name. Google tried to compel this with its “real
name policy,” which mandated that users register for Google Plus with their legal
names, until it rescinded that policy in 2014. Facebook pretty much demands real names.
Anytime you use your credit card number to buy something, your real identity is tied
to any cookies set by companies involved in that transaction. And any browsing you
do on your smartphone is tied to you as the phone’s owner, although the website might
not know it.
FREE AND CONVENIENT
Surveillance is the business model of the Internet for two primary reasons: people
like free, and people like convenient. The truth is, though, that people aren’t given
much of a choice. It’s either surveillance or nothing, and the surveillance is conveniently
invisible so you don’t have to think about it. And it’s all possible because US law
has failed to keep up with changes in business practices.
Before 1993, the Internet was entirely noncommercial, and free became the online norm.
When commercial services first hit the Internet, there was a lot of talk about how
to charge for them. It quickly became clear that, except for a few isolated circumstances
like investment and porn websites, people weren’t willing to pay even a small amount
for access. Much like the business model for television, advertising was the only
revenue model that made sense, and surveillance has made that advertising more profitable.
Websites can charge higher prices for personally targeted advertising than they can
for broadcast advertising. This is how we ended up with nominally free systems that
collect and sell our data in exchange for services, then blast us with advertising.
“Free” is a special price, and there has been all sorts of psychological research
showing that people don’t act rationally around it. We overestimate the value of free.
We consume more of something than we should when it’s free. We pressure others to
consume it. Free warps our normal sense of cost vs. benefit, and people end up trading
their personal data for less than its worth.
This tendency to undervalue privacy is exacerbated by companies deliberately making
sure that privacy is not salient to users. When you log on to Facebook, you don’t
think about how much personal information you’re revealing to the company; you chat
with your friends. When you wake up in the morning, you don’t think about how you’re
going to allow a bunch of companies to track you throughout the day; you just put
your cell phone in your pocket.
The result is that Internet companies can improve their product offerings to their
actual customers by reducing user privacy. Facebook has done
Today, Internet surveillance is far more insistent than cookies. In fact, there’s
a minor arms race going on. Your browser—yes, even Google Chrome—has extensive controls
to block or delete cookies, and many people enable those features. DoNotTrackMe is
one of the most popular browser plug-ins. The Internet surveillance industry has responded
with “flash cookies”—basically, cookie-like files that are stored with Adobe’s Flash
player and remain when browsers delete their cookies. To block those, you can install
FlashBlock. But there are other ways to uniquely track you, with esoteric names like
evercookies, canvas fingerprinting, and cookie synching. It’s not just marketers;
in 2014, researchers found that the White House website used evercookies, in violation
of its own privacy policy. I’ll give some advice about blocking web surveillance in
Chapter 15.
Cookies are inherently anonymous, but companies are increasingly able to correlate
them with other information that positively identifies us. You identify yourself willingly
to lots of Internet services. Often you do this with only a username, but increasingly
usernames can be tied to your real name. Google tried to compel this with its “real
name policy,” which mandated that users register for Google Plus with their legal
names, until it rescinded that policy in 2014. Facebook pretty much demands real names.
Anytime you use your credit card number to buy something, your real identity is tied
to any cookies set by companies involved in that transaction. And any browsing you
do on your smartphone is tied to you as the phone’s owner, although the website might
not know it.
FREE AND CONVENIENT
Surveillance is the business model of the Internet for two primary reasons: people
like free, and people like convenient. The truth is, though, that people aren’t given
much of a choice. It’s either surveillance or nothing, and the surveillance is conveniently
invisible so you don’t have to think about it. And it’s all possible because US law
has failed to keep up with changes in business practices.
Before 1993, the Internet was entirely noncommercial, and free became the online norm.
When commercial services first hit the Internet, there was a lot of talk about how
to charge for them. It quickly became clear that, except for a few isolated circumstances
like investment and porn websites, people weren’t willing to pay even a small amount
for access. Much like the business model for television, advertising was the only
revenue model that made sense, and surveillance has made that advertising more profitable.
Websites can charge higher prices for personally targeted advertising than they can
for broadcast advertising. This is how we ended up with nominally free systems that
collect and sell our data in exchange for services, then blast us with advertising.
“Free” is a special price, and there has been all sorts of psychological research
showing that people don’t act rationally around it. We overestimate the value of free.
We consume more of something than we should when it’s free. We pressure others to
consume it. Free warps our normal sense of cost vs. benefit, and people end up trading
their personal data for less than its worth.
This tendency to undervalue privacy is exacerbated by companies deliberately making
sure that privacy is not salient to users. When you log on to Facebook, you don’t
think about how much personal information you’re revealing to the company; you chat
with your friends. When you wake up in the morning, you don’t think about how you’re
going to allow a bunch of companies to track you throughout the day; you just put
your cell phone in your pocket.
The result is that Internet companies can improve their product offerings to their
actual customers by reducing user privacy. Facebook has done
Similar Books
Maxwell's Point
M.J. Trow
The Believers (The Breeders Series - Book 2)
Katie French
Death of an Avid Reader
Frances Brody
Crystal Gryphon
Andre Norton
Out of the Blue: A Pengram Mystery
Scarlett Castrilli
The Book of Someday
Dianne Dixon
Claimed by Light
Reese Monroe
A Handicap of the Devil?
Allen Lyne
A Family for Christmas (Contemporary Romance Novella)
Helen Scott Taylor
Prince Thief
David Tallerman