Start the Year in Control of Your Online Privacy

January 6, 2011

Want a New Year’s resolution that takes less than 10 minutes, can be done right now, is FREE, and will improve your life all year long? Take control of your online privacy.

Your digital footprint is comprised of your online actions and personal information whether you placed this information online, or some other entity did. This footprint is being tracked by companies and advertisers, digital brokers and cyberthieves, at unprecedented and rapidly escalating levels. While some of what is being tracked is of benefit to you, there are far too many instances where the data collection is exploitive, and you’d be outraged to discover what is being collected, shared, sold, or rented about you.

Those wanting to make a buck off your information say that people no longer care about their privacy; that we live in an era where exposing all our information is the new norm, and they’ve built their business models on this principle though you’ll notice that those on the forefront of espousing the ‘expose-all norm’ go to great lengths to protect their own information and privacy.

To help consumers, Congress and the FTC are now looking into the trampling of your privacy online and formulating legislation that would provide consumers better protections, but you don’t have to wait for an act of Congress to significantly improve your control of your own online privacy.

Take Those 10 Minutes to Greater Privacy NOW

I’ve blogged about PrivacyChoice.org in the past. They’re an organization dedicated to making privacy easier for consumers by offering tools that help you understand and make choices about your online privacy.

Designed and operated by Jim Brock, a technology entrepreneur, former Yahoo! executive and co-founder of Attributor, PrivacyChoice is a phenomenal resource that I highly recommend to you.

Note: I can’t claim the privilege of being associated in any way with this organization; this recommendation is purely my own opinion.

On the PrivacyChoice homepage you’ll see eight key links; four under “Curious?”, and four under “Want Control?” I recommend taking the time to go through all of these, but if you’re in a hurry go through the top three links under “Want control?” first.

Since I last blogged about them, PrivacyChoice has added some cool new tools:

  1. PrivacyCheck, which makes it easy to check the Facebook privacy status of your family and other loved ones. Try it here:
  2. PrivacyChoice Disconnect, which makes it easy to remove your email address from datamining services that connect it to your social network profile. Try it here:
  3. Added a quick way to see how ad companies view you all in one place. Try it here:
  4. Extended the coverage of the TrackerBlock service and added support for Internet Explorer, making it the most effective way to control whether you are tracked online. Try it here:

Once you’ve taken these steps, you will have significantly improved your control over your privacy.

To further improve control over your privacy:

  1. Make sure you have antivirus and antispyware software on all computers. If your computer isn’t protected, it IS infected – and crooks ARE stealing your information.
  2. Review the privacy terms and conditions of every social site you use, AND review your personal privacy settings choices on those sites.
  3. Search yourself using at least two search engines. There is likely to be considerably more than what you have posted. If you want any information removed, work with the websites to see what can be taken down.
  4. Consider whether you want your home to be displayed on online maps, if not, learn How to Remove Images of Your Home from Google’s Street View
  5. Change all your passwords. Learn how to do so smartly here: Safe passwords don’t have to be hard to create; just hard to guess
  6. Do some online “pruning.” Review all your personal contacts in instant messaging (IM), email, social networking sites, forums, blogs, etc. Are they still relevant? Remove anyone you no longer interact with.
  7. Look to find the tracking policies of the key websites you use.
    1. The Wall Street Journal  wrote an excellent series titled What they Know that gives you a tool to look at the top websites and see how they share your information, and you can go directly to their site, or see how I put the privacy issue into context with my blog Could Facebook Go the Way of MySpace?
    2. Install and use PrivacyChoice’s Trackerscan tool. Once you install it, you can click to see what tracking tools are being used on any website you visit. For example, in this picture you’ll see that I looked up the companies that track users on the New York Times website.

I am not opposed to online advertising — it’s what funds our ‘free’ use of internet services. What does concern me is knowing which companies are tracking me and how they are doing so, understanding the privacy elements that are in place to protect me, and being able to opt out if I choose to do so.

Have a Happy, and private, New Year!

Linda


PrivacyChoice.org – Another Great Site for Managing Behavioral Advertising

November 11, 2010

I blogged about behavioral advertising a couple of weeks ago, and recommended the Network Advertising Initiative’s (NAI) Opt Out of Behavioral Advertising Tool.

Since then, I’ve been informed about another independent project, privacychoice.org, which includes features like a consolidated opt-out bookmark that opts you out of over a hundred ad networks, including those in the NAI.

What does ‘opt out’ really mean?

Advertising companies use information like what you search for, and the websites and web services you use to determine which types of ads to show you. This information may just be used to determine which ads to show on a specific site you’re visiting, or they may be used to place the same ad on multiple sites that you visit, a practice known as ‘retargeting’ or remarketing’ in the advertising industry, and commonly referred to as ad stalking by consumers and privacy groups. See my blog Ad Stalking – When Ads Follow You Online to learn more.

By default your browser (IE, Firefox, etc.) allows companies, including ad companies, to store small bits of information – called “cookies” – that identify your computer as you go from page to page and site to site. These can be very helpful to you – for example, it means a website can ‘remember’ you and your preferences when you revisit the site.

If you don’t want ad companies to be able to collect information, you can ‘opt out’ by changing your default browser settings, by installing blocking software, or by using ‘opt out’ choices that most ad delivery companies provide, but these can be rather hard to discover. Hence the value of sites like privacychoice.org.

When you opt out of advertising cookies, an ‘opt out’ cookie is placed on your computer that tells the advertiser you do not want targeted ads based on your activities and interests.

PrivacyChoice.org features

There is some great functionality available to you through the privacychoice.org website. In this screenshot of their homepage, I’ve highlighted six:

  1. Who’s Watching provides a good definition of what online tracking is, what behavioral tracking is, and what your privacy choices are.

    More importantly, in this section you will see a lengthy list of  companies that permit ad tracking companies to leverage their sites, shows which ad tracking companies they allow and whether those ad tracking companies are respectful of your privacy.The second screenshot shows provides an example of this information.I selected whitepages.com, and we see they allow 13 advertising companies to glean information about your searches.

    Nine of these have gaps in their policies that privaychoice.org flags as concerns, and 6 of the sites are not considered accountable to NAI standards.

    Running the same search on reuters.com shows that they do not allow any advertising companies access.

  2. The Privacy Bookmark tool can be added to your browser using drag-and-drop. This tool will opt you out of tracking by over 100 ad companies, and let you reconfirm your privacy settings at any time with just one click.The tool allows you to opt out of ad tracking from companies that do not comply with industry oversight, opt out of all ad tracking entirely, or if you click ‘more info’ you can customize which ad companies you choose to opt out.This section also provides great information about your choices, and the industry’s self regulation. These regulations include:The NAI guidelines (PDF) that include the follow requirements for their membership:

    - Requirements of consumer notice as to their practices in collection, transfer and use of consumer information, both personally identifiable and non-personally identifiable information.
    - Means for consumers to exercise choice over the use of their information, including designations of when that choice can be offered on an “opt out” basis or must be offered on an “opt in” basis.
    - Restrictions on use of information other than for marketing purposes, and a prohibition on non-consensual merging personal information with information about a user’s online activities.
    - Consent to annual compliance reviews directed by the NAI board, and NAI review of any “credible unresolved consumer complaint.”

    The Internet Advertising Bureau principles – click here to see the full text of the principles.

    - The Transparency Principle calls for clearer and easily accessible disclosures to consumers about data collection and use practices associated with online behavioral advertising. It will result in new, enhanced notice on the page where data is collected through links embedded in or around advertisements, or on the Web page itself.
    - The Consumer Control Principle provides consumers with an expanded ability to choose whether data is collected and used for online behavioral advertising purposes. This choice will be available through a link from the notice provided on the Web page where data is collected.

  3. TrackerScan, a browser add-on (again just drag-and-drop it onto your browser toolbar) that will show you which ad trackers are on any website you visit. Once you’re on the page, just click the TrackerScan and it will pop up a display. In this example, The Washington Post has 9 ad trackers, several of which do not comply with the self regulation guidelines listed in the previous section.
  4. Readers of The Washington Post should be outraged – and let the company know of their displeasure – at the lack of transparency over who is collecting their information through their site, and the disregard for your privacy by permitting access to ad tracking companies who do not comply with the self regulatory standards.

    Play around with this tool. In the case of The Washington Post, I chose look at the review of the privacy policy for Outbrain. You may be more than a little alarmed to see how much of your information they claim the rights to – and have been collecting through The Washington Post without your knowledge.

    Privacy Policy Highlights

    http://www.outbrain.com/privacy

    Anonymity

    “Outbrain is a collaborative intelligence platform. As such, it is predicated on the idea of sharing the intelligence of voting patterns among the outbrain community for the benefit of all outbrain users. We collect the following data through your use of our service:

    - Any information you submitted while signing up for the service (including name, email, etc).

    - Your submitted ratings and the documents with which they were associated.

    - Your clicks on recommendations and sponsored recommendations and the documents with which they were associated

    - IP address and an associated estimate of your geographic location, referring URL’s, browser and OS and other information normally passed in HTTP requests.

    - Information about your engagement with web pages you’ve read where outbrain is installed, including time spent on the page, how you reached the page, and the type of content of the page.

    As part of the outbrain service, your ratings on documents may be shared publicly and associated to the username you chose when signing up for the service. In addition, if you register on the site, your ratings and web page browsing history will be associated with the registration and personal data you provide and we will use that information to provide you with more targeted recommendations. However, any personally identifiable data you provide or that we collect about you will not be shared with 3rd parties (other than our service providers), unless required by law.”

    Sharing

    “We may combine information about your web browsing or rating patterns with those of other people who see outbrain services in order to share trend information – always in aggregate and anonymously – with 3rd parties. For instance, we may use it as part of an aggregated number to tell a prospective sponsor how many people in the outbrain network visit Sports web sites each month.”

    Sensitivity

    Privacy statement does not provide additional limitations on the handling of information in sensitive categories.

    Deletion

    Privacy statement does not state if or when information is deleted.

  5. Three great features for website owners. First, you can use their Free privacy scan of a website you own to see which ad companies are collecting information. You can review your website’s policies against the best practices checklist, and you can make informed choices about which ad tracking companies you permit on your site by looking at tracking company profiles.
  6. What’s in your profile let’s you see any information stored about you by the four listed ad tracking companies. I just wish they had this for ALL the companies…
  7. Compare 5 top privacy tools to learn how marketers may collect your profile online. This comparison of browser-based tools excludes PrivacyChoice because (in their own words) “so no one can accuse us of self promotion“.

Opting out of all ad tracking may not be desirable. This choice does not mean you won’t see advertisements; it just means the ads you see won’t be as relevant to you. If the ad tracking company takes steps to adhere to the industry’s self regulatory practices and does not collect personally identifiable, or indirectly identifiable, information about you, then seeing ads that are more relevant to you can be very useful.

What’s critical is that YOU are in the drivers seat. Website companies who allow ad targeting need to make this very clear to you, and only allow ad targeting companies who adhere to the self regulatory standards.

Linda


Know Which Companies Track You For Behavioral Advertising?

September 25, 2010

Fifty-six (out of fifty-eight) behavioral advertising companies were tracking my online actions – until yesterday.

I think I’m a fairly technical, savvy, privacy oriented, safety nut. Which made the realization that at least 56 advertising companies have been tracking my online actions without my knowledge – let alone my express approval – particularly concerning.

I am not opposed to online advertising

Seeing ads online is not what concerns me; knowing which companies are tracking me, how they are doing so, understanding the privacy elements that are in place to protect me, and being able to opt out if I choose to do concern me.

I’ll get back to how you can opt out after a quick review of how we got to this point.

Online advertising pays OUR bills

Remember the dot.com bubble burst of 2000? It happened because internet companies built their content and services on one key concept – that we, the consumers, would subscribe to use their services and thereby make their companies profitable.

There was just one fatal flaw – we didn’t want to pay for subscriptions, we wanted everything to be free. Somehow we forgot that free doesn’t pay the bills, let alone turn a profit, and internet companies either went bankrupt or took huge financial losses.

A new revenue model had to emerge would extract money from those willing to pay, and that happened to be the advertisers.

So next time you want to gripe about online ads, remind yourself that while you pay for internet connectivity, it is the advertisers who are footing the cost of your “free” online content, entertainment, internet enabled communications, providing transaction services, and so on.

Reasonably, advertisers want a return on their investment, a need that requires some consideration. The primary requirement – as with any advertising – is to be able to segment internet user demographics so they aren’t, for example, wasting money marketing shaving cream to toddlers.

What internet companies quickly learned was that the more targeted ads could be, the more advertisers were willing to pay them for access to their users.. and it doesn’t take a leap to understand how we’ve come to a place where ads follow us , and behavioral advertising is the name of the game.

Introducing the Network Advertising Initiative

The Network Advertising Initiative (NAI), is a cooperative of online marketing and analytics companies.

In their own words, they are “committed to building consumer awareness and establishing responsible business and data management practices and standards. As increasingly sophisticated online advertising technologies evolve, consumer concerns about their impact on online privacy mount.

The NAI is prepared to meet these concerns with both effective industry self-regulation and sensible protections for online consumers. [something missing here] a group of third party network advertisers who are committed to increasing consumer confidence and contributing to the growth of electronic commerce.”

One of the services the NAI provides consumers is their Opt Out of Behavioral Advertising Tool. As the name implies, this tool allows you to see which member companies are monitoring you for behavioral advertising, and allows you to opt out if you choose.

This does not mean that you won’t see ads – remember the ads pay for your online content and services – opting out just means that you won’t receive ads tailored to you.

If you’re someone who never looks at online ads, this opt out functionality may be just the ticket. If, however, you prefer the ads you see to be more relevant, you may be quite happy with the behavioral targeting. My guess is you’ll land somewhere in the middle, and want to opt out of some services while staying with others.

Now that you know how, the choice is yours.

Linda


UK Launches Initiative to Raise Awareness of Online Advertising

November 24, 2009

Advertising organizations, the government, and large brands like McDonalds, Mars, and Kellogg have joined forces in the UK to deliver educational materials designed to teach 6-11yr olds how to critically think about online advertising.

The initiative, called Digital Adwise, is being developed through MediaSmart, a non-profit media literacy program that provides educational materials to primary schools.

Speaking of the new initiative, Siôn Simon MP, Minister for Creative Industries, said, “In today’s media environment, children need to be helped and supported to think critically about the media, particularly in relation to the internet and advertising, and these materials do exactly that.”

It’s great to see digital literacy collaboration between industry, government and educators – hat’s off to this group. It will be interesting to see how it matures and whether elements will be relevant for US students at some point.

Linda


Drug Ads in Social Media Scrutinized by FDA

November 15, 2009

drug adsThe Food and Drug Administration held hearings last week to determine whether specific regulations should be implemented to police how far social media sites like Twitter, Wikipedia, blogs and social networks can go in promoting drugs and medical devices.

Strict regulations apply to what medical device and drug makers can claim or advertise in print media or on TV, but the Internet’s rapid pace of change has created an environment where applying existing regulations may not be possible, and where existing regulations don’t adequately address the new medium.

There are thorny issues involved as the FDA tries to determine a set of criteria for:

  • Establishing when 3rd-party content has been substantively influenced by companies seeking to market their products
  • Understand what online messages drug makers are responsible for
  • Determining how companies can achieve balance in ads when the medium has a length limit – like the 140-character Twitter message (the FDA sent warning letters last spring to 14 companies whose online ads were misleading because they did not contain any risk info)
  • When linking to information is appropriate or misleading

The financial stakes in the outcome is high for drug companies and internet service providers interested in directly and indirectly pitch their products, or seeking significant revenue from pharmaceutical companies’ deep advertising pockets.

The stakes for consumers are even higher

After all, it is your health on the line and you need to know if the information you find is accurate and unbiased – or not.

According to a June 2009 study by the Pew Internet & American Life Project, 61% of US adults now look online for medical advice and that those looking online for health information are more likely to visit social-networking sites and look for immediately accessible information that has been posted by someone they feel is in similar situation.

The study also found that of those seeking medical information online, a majority access user-generated health information and 41% have read someone else’s commentary or experience about health or medical issues in an online news group, website or blog.

In light of this research, consumers’ need to know when information has been biased by a drug or medical equipment company is imperative. So is having an obvious, visible means of identifying the trustworthiness of medical information on a site.

For kids and teens, the issues are further heightened. They may be more inclined to search online than bring up a sensitive medical question with their parents. They are significantly less likely than adults to call a doctor or other medical professional over a health issue. Emotional risks like cutting, anorexia & bulimia need to be included in any FDA website/content monitoring. Clear boundaries need to be in place outlining the whether medical advertising can be directed toward minors online – whether it be direct advertising or ‘influenced’ advertising by 3rd-parties.

The outcome of these hearings will impact every one. Stay vigilant.

Linda


New York Times Hosts Rogue Ad in Security Breach

September 15, 2009

The New York Times was hit with a malicious “anti-virus” ad over the weekend in a very sophisticated attack that exploited a weakness in how the company receives advertising. This attack was a classic example of a current trend in cybercrime according to a new IBM report that found, “The presence of malicious content on trusted sites has increased, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites.”

Unsuspecting New York Times users saw a very realistic   – yet malicious – ad claiming their computer had malware running.

The ad advised users remove the malware by running a full computer scan using a product called “Personal Antivirus” to find and remove the infections.

Users were then told to buy the antivirus program in order to stay safe.

The criminals behind this sophisticated attack exploited five vulnerabilities – one vulnerability on the part of the NYT, four vulnerabilities common to consumers:

  1. Fundamental security weaknesses in the advertising systems used by trusted websites
  2. Consumers’ fundamental trust in reputable companies and their websites - Any ad that appears on a trusted site by association gains a stamp of legitimacy in consumers’ eyes and they let their guard down.
  3. Consumers’ lack of technical savvy – For less experienced users, seeing a pop up that warning them their computer is infected makes them inclined them to panic. While panicked they grasp at the ‘remedy’ in front of them rather than question why the ad appeared, wonder why they have never heard of this anti-virus product, or conduct a bit of research to find a reputable antivirus product.
  4. Consumers’ failure to secure their computers – An alarmingly high percentage of consumers still do not have the necessary security software installed, or up-to-date, on their computers. These consumers are more likely to fall for this type of exploit because they know they are exposed. Consumers with appropriate security are more likely to turn to their existing (legitimate) tools to check for infections.
  5. Consumers faith in slick graphics – if it looks professional, it must be legit

While consumers cannot increase the security of trusted sites (the company’s responsibility; in this case the New York Times scrambled to remedy the issue), consumers can eliminate their own susceptibility towards this type of malicious social engineering by carefully evaluating who, and what, they trust.

Most consumers still follow the assumption that if I trust “A”, and “A” appears to vouch for “B”, then I can trust “B”, but there are far too many assumptions in this equation that threaten your safety and security.

Misplaced trust

  • No matter how trusted a friend or family member is, if that person is using a compromised computer, they may be unwitting distributors of malware.
  • Friends of friends – particularly those you or your friends have never met in person – may not deserve any trust, let alone trust in accepting links.
  • “Legitimate” companies may not deserve your trust. Neither the size of a company, nor its popularity is reason to give it unqualified trust. For example: Google accepts money to place malware in its sponsored links.  Facebook’s Terms & Conditions give them more rights to your content than they should be trusted with. Echometrix’s Sentry Parental Control Software sells kids conversations (they claim to anonymize the kids) to advertisers.
  • Websites of companies who would never dream of tarnishing their reputation by accepting malicious advertising can be hacked or exploited – as seen in this NYT example.
  • News feeds, unwittingly promote malicious links as criminals engineer search engine results. 
  • Phishing sites may look identical to a reputable site but by inadvertently mistyping the URL or by following a link that purports to be the legitimate site you may find yourself far off track.
  • Tweeters may place malicious links – and other’s may inadvertently re-tweet these on their posts. These can be particularly hard to identify as they frequently shorten the URL’s so you don’t know the real site being pointed to.

The art of Internet Self Defense

This type of exploit where criminals leverage the weaknesses in online advertising delivery systems to distribute malicious ads on legitimate sites is going to increase. You need to be able to defend against it, and a few simple preventative measures can go a long way.

  1. Make sure you have security software and it is up-to-date. This will usually block malware from downloading to your computer.
  2. Do not download files, particularly executable files (they have a .exe at the end of the file name), unless you have verified it is safe.
  3. Stay in control and steer yourself to websites, don’t be pulled by links that may or may not take you where you want to go. If the link looks interesting, go find it yourself using your search engine. That way the ad’s link can’t pull you onto a site riddled with malware or land you on a phishing site.
    1. Searching the web without using tools that identify malicious websites for you is asking for trouble – you simply will not be able to tell which sites are legitimate.
      You need to use a product that visibly identifies for you the potential for malicious code on search results. I happen to use McAfee’s Site Advisor tool on all my machines, but both Firefox and Internet Explorer have features you can use to alert you to malicious sites, and several other companies offer similar services.
  4. Keep a healthy level of skepticism and slow down. Knee-jerk reactions do not give you time to evaluate the authenticity of the ad, its promises or its links, nor do they let you check the facts. Don’t panic over warnings, jump to accept ‘offers’, believe someone wants to give you money, or respond to a plea for help.  If you take the time to think things through and check the facts, you are much more likely to avoid well-placed-but-malicious links, will be much less likely to give away your information, or fall for other exploits. Checking the facts is easy online, look on a site like Snopes.com for to see if they report the ad as fraudulent, enter the company name into a search engine and see if there are warnings about it.

Linda


Follow

Get every new post delivered to your Inbox.

Join 1,761 other followers