Consumer 11.0: Web marketers' tactics threaten Internet privacy

I'm not exactly proud of this, but both my daughters spent most of their teenage years with a computer close at hand. They were good kids and kept their doors open, so I didn't worry much about where they went online or what they did once they got there.

Maybe I should have - and not just about them. It's increasingly clear that while you and I do the visible stuff online - while we're reading, shopping, playing games, connecting with friends, or pursuing hobbies - there's a whole lot of invisible activity that we haven't invited and don't control.

Internet ad networks are likely tracking nearly everything you do - not just you, but also your teenage kids. The networks, along with data miners and brokers, are creating "online profiles" that become more and more valuable the deeper they get. And some companies even claim to link millions of online profiles to actual names and off-line addresses.

What's the worry? The online data and marketing industries say they're just greasing the wheels of commerce by making it easier for businesses to deliver ads you care about. That's been the spin since the 1990s, when search engines developed the simplest forms of these personalized ads, and later as entrepreneurs began to mine Web addresses and deposit "cookies" onto your computer to track where you've been.

But as the technology has grown more elaborate, and as once derided "adware" went mainstream in the embrace of companies such as Microsoft Corp. and Google Inc., the process has grown smoother and more intrusive.

Pop-up ads may not drive you crazy anymore. But as you read, shop, play, or connect, "behavioral marketers" are amassing increasingly rich profiles about you - gathering data not just about your tastes in music, food, or clothing, but also about things you probably consider much more personal, such as your health or finances.

To its credit, the Federal Trade Commission stepped into the breach last fall to grapple publicly with something that in the Facebook era has become an increasingly troubling question: How to balance the huge and obvious benefits of the Internet against a huge but largely invisible threat to privacy.

Two elements won particular plaudits last week from privacy advocates who submitted comments on the agency's privacy framework. Both are part of the FTC's recommendation that the industry simplify the choices facing consumers, who right now have few options - none of them especially good - if they want to avoid online profiling.

One is a "do not track" option - probably a setting on a Web browser that would allow consumers to opt out of commercial tracking. The other is "just-in-time" choice: a notification that would allow you, at the time when your privacy is about to be breached, to just say no.

To see the value of these tools, it helps to understand what's invisible. Say you're thinking of buying or refinancing a house, and are playing with a loan calculator. A just-in-time notice would tell you that you're about to be outed to companies selling financial services.

In simpler days, the result might have been an ordinary search ad. But the reach of vast ad networks and "third-party cookies" now means that information can follow you from site to site - perhaps from the calculator to a site pitching books on getting your finances under control. Depending on the data available, it might even affect the rate you're offered.

How do they find you? That's where an ad network's "Web bugs" and "tracking beacons" come into play. Invisibly to you, they look on your computer for cookies left by that same network when you were on other sites. Once you're identified, the network can add to your profile or use it to deliver ads.

"That information is made available to marketers in milliseconds," says Jeff Chester, executive director of the Center for Digital Democracy, which supports the FTC's proposals.

Chester's group joined more than a dozen others Friday to urge the FTC to pay special attention to the vulnerability of teenage Internet users - those 13 and up, who are too old for the safeguards of the Children's Online Privacy Protection Act. One ironic result of that good law, they say, is that teenagers are essentially treated like adults online.

Social-networking sites such as Facebook put adolescents at extra risk, not because the sites themselves are so insidious, but because they are places where young people share so much personal information - or perhaps over-share, as it may look through more sober hindsight. What happens to your personal data years later?

That's one reason Consumers Union told the FTC that industry self-regulation may fall short. "A privacy framework that allows a company to collect an infinite amount of data and hold onto it indefinitely as long as that company is transparent about its practices would be a troubling one indeed," the organization said.

There are already some positive signs, at least on the browser front. Mozilla is testing a new version of Firefox with a do-not-track feature. And Google's Chrome may offer a "persistent opt-out," to address the irony that clearing cookies erases your previous opt-out from a particular ad network's tracking features.

Standardization is the key to helping consumers navigate this confusing and often murky terrain. So is a rejection of hyperbolic arguments that limits on behavioral marketing will somehow "kill the Internet."

"The industry argues that this is fueling Internet growth, and that if you somehow protect privacy in the equation, the Internet will have to declare bankruptcy," Chester says.

Hogwash, Chester says. And he's right.