Communicator, cooker, drinker, poet. Grew up in a mining town, wore a hard hat.

Monday, November 30, 2009

Cookies, Of The Online Persuasion

I had to answer a couple of questions about cookies for a continuing studies certificate I'm taking in Web Intelligence. The whole exercise was so interesting that I thought I'd share.

Are you willing to give up your "privacy" in order to have easier-to-use websites?

The author’s use of quotation marks implies that even he/she is unsure as to whether veritable privacy, or “privacy” as it is commonly understood, is at stake. The question presumes that first-party cookies (the tool employed to make websites easier to use) require you to give up some kind of privacy.

Wikipedia (although not always the most reliable, by far my favourite website) describes privacy as the “ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively”.

Do cookies threaten a user’s ability to selectively reveal themselves? I think third-party cookies do, but I believe that “giving up privacy in order to have easier-to-use websites” is a question about first-party cookies, since third-party cookies are most often used by advertisers to track visitor behaviour across a broad portfolio of websites and not to improve a particular website’s ease-of-use.

To explore a different angle of the debate, I don’t necessarily think first-party cookies require us to give up privacy. I should mention that I understand first-party cookies to be tied to a single domain. It occurred to me that multinational conglomerates might use cookies to track user behaviour across multiple sites and brands; I would consider those to be third-party cookies. Although I don’t think the distinction will be valid for long.

The issue of health care related web interactions is an interesting one. If I visit a disease-specific information site and provide my email address in order to receive news alerts, I am privately and consciously transacting with the operator of the website for the purpose of receiving communications. If my email address, associated with that disease-specific site, is eventually the basis for an insurance provider to deny me coverage, I think it’s fair to say that my privacy has been violated and that I (sure as hell) didn’t sign up for that.

Similarly, in the case of cookies, if I visit a site and my settings are such that a cookie is downloaded to my machine, I am choosing to reveal a discrete amount of information to the website operator. Data is being created about a private interaction, between me and the operator’s site. But I don’t agree to be eventually denied insurance coverage because the site’s cookie history was sold to an insurance company.

Just like walking down the street, I’ve never thought that interacting with a website was an entirely anonymous activity. The web is a community of users, gathered behind websites, and interactions with users, people create information. If you want to wear a paper bag, you’re welcome to change your privacy settings, but people are still going to see you walking down the street (i.e. analytics solutions will recognize your location, browser settings, length of visit, pages viewed).

I may be rambling. To wrap it up, I don’t think that we have to give up privacy to have easier-to-use websites. But I think that we need to have more clearly articulated privacy standards where the onus is on websites to comply and not on users to review lengthy and complex privacy policy statements. But that’s a question for another day.

Are you willing to give up your "privacy" so that the ads you see on websites are likely to be more relevant to you?

Yes, but only because it’s useful for work: to see what kind of targeted campaigns people are running. I subscribe to the widespread marketing industry hypocrisy that loathes being on the receiving end of a sales pitch, however relevant.