In the last year, the idea of a "do not track" mechanism for web surfers has gained currency. The name invokes the idea of the do-not-call list for telemarketers, which those of us who prefer eating dinner undisturbed will be well familiar. With Google this week endorsing the concept via its Chrome web browser, will the idea catch on - and how can it protect your privacy?

Despite similar names, the privacy risks differ markedly between annoying telemarketers and online ad networks. In a process known as online behavioural advertising, these ad networks use cookies - persistent data sent and received by your web browser - to build up a profile of you as you surf the web. Although the web sites you use probably aren't giving away your data, if several of them participate in the same ad network, that company will be able to ascertain that it was the same person, you, who visited them. They then use this information to piece together a profile about you and your interests. It happens constantly and is completely invisible to all but the most hyper-vigilant user.

They do this, of course, because this profile has monetary value. It allows networks to serve up more targeted ads, which have higher click-through rates and are thus more lucrative. So the scraping and collecting of your online tracking crumbs is not going to stop any time soon.

This practice raises significant privacy concerns. While many people are willing to share information about their likes and habits, few would be happy with it being surreptitiously gathered without their express consent. Over a period of time, these companies could build up a pretty complete picture of a person's web browsing habits, and may even be able to link it to a real-world identity, as they admit themselves.

This threat has long drawn the concerns of privacy activists, and even the US Congress has debated the idea of a do-not-track mechanism to stem the practice.  Legislation aside, several solutions are on offer to mitigate the risks.

The first involves using cookies themselves. An initiative called the Network Advertising Initiative, an attempt by industry to assuage concerns, allows users to set an "opt-out" cookie with each one of the dozens of participating advertising networks. These networks, in turn, look for the respective cookies and remove participating users from their behavioural ad programs.

This approach has a few major problems, the biggest of which is complexity. It relies on hundreds of cookies being set across the networks, cookies which can be deleted or forgotten, and must be re-set by a user. The scheme also requires the ad networks themselves to participate in good faith. It's not always clear just what each of the participating companies do when they see the opt-out cookie.

The good news for users is that participating in this scheme is getting easier. Firefox has a variety of plugins available to manage the opt-out process, including the Beef Taco extension. With Google's announcement this week, the Chrome browser now has good support for the NAI program. Using the "Keep My Opt Outs" extension, users are automatically opted out of all the NAI-participating networks, and don't have to remember settings or check back to see the cookies are still set.

Google deserve some kudos for this, simply because they are one of the networks being opted out of. (Google owns DoubleClick, one of the largest ad networks involved.) We're glad to see they are taking concrete steps when it comes to protecting privacy.

There's room to improve the do-not-track approach. Due to the fragility of a cookie-based solution, and the requirement that ad companies specifically sign up to programs like the NAI, a different solution (involving HTTP headers) is fighting for industry recognition. In this scheme, your web browser would inform every web site it visited that you wished to opt out of any tracking program, whether you had been there before or not. This seems like a welcome addition to the conventions that govern web usage.

Unfortunately, none of this means users are will be in the clear and free from privacy threats. Removing persistent tracking mechanisms is getting harder and harder, with many alternatives to cookies being exploited by advertisers. Less scrupulous advertisers, whether they claim to respect do-not-track or not, will still have many different ways of tracking you and exploiting that information. Perhaps privacy enhancing technologies will get an edge in the technological arms race for a time, but the battle over ad dollars is likely to be waged for the foreseeable future.

(From an opinion piece published on ABC Online).

Before it came along, we were served by a revolving series of moral panics, changing censorship ministers and a patchwork of different state systems. Many books and films were banned that today would hardly warrant a mention - I wonder how many high schools would not allow "The Trial of Lady Chatterley" a place in their libraries? In the sordid history of censorship in Australia, the creation of a national system under the Hawke government in 1984 at least gave us something that was uniform and understandable, and led to a slight loosening of a system that was much more puritanical than the citizens it served.

Our classification code has done its duty for these last 30 years or so. As a reward, it deserves to be given a nice cup of hot chocolate, and wheeled outside to enjoy the sunshine of its retirement.

Recent debates over the classification of computer games and internet content have revolved around the edges of the classification scheme - what content goes into which rating. But these sorts of debates are missing the bigger picture. The future of classification itself must now be doubted.

Continue reading over at the ABC.

Update 19/1/11 10am: Looks like Facebook have suspended this scary new feature for now.

Facebook, by now almost synonymous with online privacy woes, has made another change to its platform that has privacy experts worried.

The latest move, reported in several outlets, expands the information available to Facebook application developers. Now, users can grant applications permission to read their mobile phone number and current address. While it doesn't appear to be retroactive, and users will have to explicitly grant access, this raises concerns because of the nature of the information itself.

There are many legitimate uses for this information. The delivery of goods, coordinating local social networks, or SMS notifications of important events of interest to the user. Allowing a user to share address and mobile phone information with a third party is not an inherently evil thing.

However, the illegitimate uses are out there as well. From Junk mail or spam SMS, to abuse by bill collectors, to exploitation by thieves and stalkers. When your other online activities can be linked to a physical address, risks arise, as we are likely to be in the habit of considering internet speech to be relatively anonymous.

What we will find is that the legitimate and illegitimate will both be present on Facebook, and it won't be easy for users to tell the difference. Facebook apps aren't vetted or reviewed to weed out the less reputable players, and we can be sure the dodgier operators will be working on ways to masquerade as legitimate and trick users into pressing the "allow" button. It's reasonable to suspect that many people will be in the habit of clicking "allow", especially if something is recommended by a friend. It's only a matter of time before we hear tales of some unfortunate outcomes.

For this reason, we would want to err on the side of caution, and keep address and phone information more private, at least as far as applications by developers without any track record of accountability are concerned.

Once again it's clear that commercial pressures drive a lot of Facebook's privacy decisions. There is commercial value in highly localised services, or access to the mobile phone number of potential consumers. That explains why this change has been made, but an explanation is no substitute for warning or discussion.

Speaking practically, we have to expect Facebook to continue moves like this. In some cases they will be well within their rights to make changes; other times, it will be less defensible. But opportunities to get any sort of redress will be few and far between.

We have to remain vigilant about our privacy online, difficult as this may be. One of the big challenges of safely using a service like Facebook is the shifting landscape it presents. No matter how carefully you checked your privacy settings or reviewed the possibilities for information leakage, an announcement like this could change your risk assessment instantly. The bar for leaving is likely to be higher than joining in the first place, which is something Facebook may be counting on.

The European Internet Services Providers Association (EuroISPA) has spoken out against ISP internet filtering, saying that it is an ineffective band-aid that leaves illegal material online and in the wild.

EuroISPA has called on the European Parliament to focus instead on permanently removing the material at its source. Forcing ISPs to block access to sites, they point out, leaves the material available to abusers - as it is they, who are most interested in such material, that are also the most capable of circumventing such filters.

Malcolm Hutty, President of EuroISPA, said in part:

Blocking, as an inefficient measure, should be avoided. Law enforcement authorities’ procedures for rapid communication to Internet Hosting Providers of such illegal material must be reviewed and bottlenecks eliminated.

The good news is that the European Parliament are already skeptical of mandatory filtering. Will national governments be so sensible?

Well, clearly not ours. We've been making the point for three years that filtering will do nothing to help children, as it will neither shield them from inappropriate material nor in any way combat the spread of child abuse. If Senator Conroy missed those memos, perhaps he should look to Europe?

Electronic Frontiers Australia (EFA) today questioned the campaign by major retailers to thwart the rise in overseas e-commerce.

Major retailers today published an open letter calling on the Government to lower the GST-free threshold on imported items, in a bid to slow the growth of online sales.

"We think this move would hurt Australian internet users and consumers," said EFA Chair Colin Jacobs. "Until a solid case is made that the economic benefits would outweigh the advantages in choice, price and convenience to shoppers, we don't think the status quo should be changed."

"The rise in online commerce has significant benefits for Australians, and will only become more important, " added Jacobs. "With the NBN on the way, any changes targeted specifically at hindering online shopping should only occur after a lot more study and consultation."

(more...)