Tuesday, November 1, 2011

Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising

Title:  Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising   
Authors:        Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang
Publication Date:       October 31, 2011     

Abstract
We present results of a 45-participant laboratory study investigating the usability of tools to limit online behavioral advertising (OBA).We tested nine tools, including tools that block access to advertising websites, tools that set cookies indicating a user’s preference to opt out of OBA, and privacy tools that are built directly into web browsers. We interviewed participants about OBA, observed their behavior as they installed and used a privacy tool, and recorded their perceptions and attitudes about that tool. We found serious usability flaws in all nine tools we examined.

The online opt-out tools were challenging for users to understand and configure. Users tend to be unfamiliar with most advertising companies, and therefore are unable to make meaningful choices. Users liked the fact that the browsers we tested had built-in Do Not Track features, but were wary of whether advertising companies would respect this preference. Users struggled to install and configure blocking lists to make effective use of blocking tools. They often erroneously concluded the tool they were using was blocking OBA when they had not properly configured it to do so.

Full Report: CMU-CyLab-11-017

--

Privacy: "Things are just getting worse"

Your phone company is selling your personal data

David Goldman @CNNMoneyTech November 1, 2011

NEW YORK (CNNMoney) -- Your phone company knows where you live, what websites you visit, what apps you download, what videos you like to watch, and even where you are. Now, some have begun selling that valuable information to the highest bidder.

In mid-October, Verizon Wireless changed its privacy policy to allow the company to record customers' location data and Web browsing history, combine it with other personal information like age and gender, aggregate it with millions of other customers' data, and sell it on an anonymized basis.

That kind of data could be very useful -- and lucrative -- to third-party companies. For instance, if a small business owner wanted to figure out the best place to open a new pet store, the owner could buy a marketing report from Verizon about a designated area. The report might reveal which city blocks get the most foot or car traffic from people whose Web browsing history reveals that they own pets.
Verizon (VZ, Fortune 500) is the first mobile provider to publicly confirm that it is actually selling information gleaned from its customers directly to businesses. But it's hardly alone in using data about its subscribers to make extra cash.

All four national carriers use aggregated customer information to help outside parties target ads to their subscribers. AT&T, Sprint and T-Mobile insist that subscriber data is never actually handed over to third-party vendors; nevertheless, they all make money on it.

AT&T's (T, Fortune 500) AdWorks program, for instance, promotes AT&T's customer base to advertisers. On its AdWorks website, AT&T touts its ability to "reach customized audience segments based on anonymous and aggregate demographics." It then shows customers carefully tailored coupons, in-app ads and Web ads.

Sprint (S, Fortune 500), like Verizon, tracks the kinds of websites a customer visits on their mobile devices as well as what applications they use, according to spokesman Jason Gertzen. Sprint uses that data to help third parties target ads to customers.

That's a step further than Verizon goes. It too lets advertisers target customized messages to Verizon subscribers' mobile phones, but for that initiative, it does not incorporate its customers' Web surfing or location data, according to a company spokesman. Verizon relies on other personal information, including customers' demographic details and home address.

T-Mobile declined to answer specific questions about what kind of information it shares or sells, instead pointing CNNMoney to T-Mobile's privacy policy. The policy's open-ended terms seem to suggest that the company does not divulge customer information, but a T-Mobile spokeswoman acknowledged that the company "collects information about the websites that customers visit and their location" and that it "may use that information in an anonymous, aggregate form to improve our services."

Selling customer information is an age-old practice that is certainly not exclusive to the wireless industry. Brian Kennish, a former DoubleClick engineer who developed the advertising network's mobile ad server, noted that wireless companies have been sharing users' location data with third parties for more than a decade.

Why Apple and Google need to stalk you
But the rise of smartphones has given mobile providers an accidental treasure trove of marketable data: The gadgets are hyper-personalized tracking devices that "know" more about their owners than any other product on the market.
Wireless providers are taking advantage of their gold mine.

"At the end of the day, we're getting to a situation where customers are the products that these wireless companies are selling," said Nasir Memon, a professor of computer science at New York University's Polytechnic Institute. "They're creating a playground to attract people and sell them to advertisers. People are their new business."

There's a lot of money to be made in the largely untapped local advertising markets. A BIA/Kelsey study from March predicts that U.S. local online ad revenues will reach $42.5 billion annually in 2015.

Google (GOOG, Fortune 500) and Facebook are scrambling to sign local businesses to their new services like Facebook Places, Google Wallet and Google Places. But with smartphone customer data in their arsenal, wireless carriers are well positioned to swoop in as well.

"Verizon revealed the industry's strategy," said Jeff Chester, executive director of the Center for Digital Democracy. "This is more than the camel's nose under the tent.

With NFC [near field communication, an emerging technology for mobile payments] and GPS, there's a new digital gold rush here, and wireless companies want to reap the tremendous financial rewards that will come with dominating a local advertising market."

Chester noted that Verizon was the first to admit that it's selling customer data for local advertising and business-development purposes, but he said he believes all of the industry's players are involved in using subscriber information for that purpose.
"They're all doing this," he said. "Everyone is aware that big growth in the digital economy is mobile and location-based services."

For its part, Verizon has largely been applauded by privacy groups for at least being transparent about what it's doing and pointing users to an opt-out site if they don't wish to participate. But privacy advocates are concerned about the direction wireless companies are headed.

"The Web pages we go to and searches we do are the closest thing to our thoughts, the most private info of all, that can be recorded," said Kennish, who now heads up Disconnect, an online privacy tool. "If Verizon succeeds, I'm sure others will follow. Despite all the talk about privacy lately, things are just getting worse."