OPS Redux
The World Wide Web Consortium (W3C) recently announced a new privacy standard, the first draft of which revolves around the “Do Not Track” (DNT) HTTP header originally introduced by Mozilla as a part of Firefox 4. This is something I had been looking forward to. But I’m afraid I’ve come away disappointed.
If you follow the occasional posts here on Building to Think, you’ll know that I’ve spent some time over the last months thinking about personalization and, by extension, tracking. I’ve taken some twists and turns as I’ve stuck my head into the “Filter Bubble” – the supposed problem that got me to venture down this path in the first place.
I won’t go into filter bubbles here; it’s safe to say I don’t think they’re much of an issue. What I’d like to do instead is focus on something that I think is much more important: namely the infrastructure that facilitates personalization on the one hand, and tracking on the other.
First, some basics
Browsing the web involves a number of transactions, with data flowing between your browser and the websites you visit. Much of that data is made up of web content such as text and imagery sent to your browser for you to consume. Few people, however, realize that this is a two-way street and that information is also sent in the opposite direction.
That information may or may not include data about you as a user, and it may or may not be used by the recipient websites. But when it is used, it might be used for profiling purposes so that the website can target you with advertising and content it thinks you’ll find interesting.
Some people hear this and get ill at ease; it does have a 1984-type quality to it. Others will simply shrug and say that it’s perfectly fine as long as they can benefit from personalized advertising and, as is more often the case nowadays, personalized content.
I’m generalizing profusely here but the gist of it is that these things do occur and that some people find it problematic whilst others do not. Also important is that organizations such as the W3C are doing what they can to facilitate a solution. It’s to that solution I want to turn our attention.
Nothing new under the sun
Targeted advertising and personalized content are two sides of the same coin. The former may sound more malicious, but they’re both made possible through the same mechanism: “web tracking” (i.e., the act of recording a user’s movement on one or more websites). It should come as no surprise that this raises certain privacy concerns and that these concerns have been around for as long as tracking has been around.
The recent announcement from the W3C is, in fact, not groundbreaking. People have been talking about stuff like this for a rather long time. One of the more ambitious “solutions” was, for example, proposed as early as 1998 by none other than the W3C itself. But the “Platform for Privacy Preferences” (P3P), as that solution was called, never gained much traction, a fact I attribute to misaligned incentives – something we’ll get back to in a little bit.
DNT and P3P are really quite different. But as is often the case with these things, it’s the commonalities that are most telling. You see, both DNT and P3P are (and were) concerned with the fact that tracking, as it exists today, affords little to no control to users. Both are, in this sense, attempts to put the users (back) in the driver’s seat.
(As far as I know, there’s never been a serious discussion about banning tracking altogether. And that is just as well as it’d probably be a technical impossibility.)
User control is a laudable goal and something I support wholeheartedly. But I also think that DNT and P3P suffer from similar problems. And if these problems aren’t addressed, I fear DNT will fall into oblivion just like its forebear—good intentions notwithstanding.
A blast from the past
Before we go into these problems in detail, let us quickly backtrack to the late 1990s once more because there was another piece of policy back then – an important piece – that has yet to be mentioned. That piece of policy was called “Open Profiling Standard” (OPS, they love their 3-letter acronyms at the W3C) and it was, as far as I’ve been able to tell, rolled into, or appended to, the larger P3P draft.
Because they were so tightly intertwined, OPS of course suffered the same fate as did P3P. And this, I think, is a real shame. OPS was no silver bullet, but it did hold a lot of potential. Much more so than what I’ve been able to glean from my reading of P3P and, to a lesser extent, DNT.
P3P gave users control over what type of information they were willing to share. But it did so in a roundabout kind of way. Its backbone, so to speak, was a facility in which content providers (i.e., the websites you visit) could specify what they wanted to track. These settings would then be compared to user settings. If there was a mismatch, users would be “prevented” from visiting the site.
The problem with this approach should be obvious. It’s basically a surefire way to turn away visitors. I’ve been in this business for over a decade and I’ve yet to find a single content provider who thought that was a good idea. It’s no wonder, in other words, that P3P never went anywhere.
DNT is better. Much better. But it’s, in my opinion, not good enough. It basically does away with the problematic content-provider portion of P3P. The user is still in control but, unlike P3P, she’s allowed to visit any website of her choosing. DNT doesn’t care to match the user’s privacy settings with the tracking needs of providers; it simply states what the provider can and cannot do with the user’s data.
Sticks vs. Carrots
The problematic portion of DNT is enforcement. We’re essentially relying on providers to play nice. There’s nothing stopping providers from saying “Oh, so you don’t want me to track you? No problem, come on in” and then turning around and tracking your every move. There’s no easy way for regular users to check that the websites they visit actually honor their privacy settings.
As is the case with tracking more generally, there are two ways to look at this issue. One way is to point towards the track record of providers who police themselves. That track record is surprisingly good, and so one can look at that and conclude there’s no problem. The other view, and the one I’m taking, is that lack of enforcement is a virtual free card for a few bad apples to do pretty much what they want.
A Twitter user recently explained to me that DNT essentially relies on the same feedback mechanism as all other self-regulatory schemes: comply or the government will be forced to step in. And this is, of course, perfectly true. There are many such schemes, some of which work, and some of which don’t. There’s really no way to know until you try.
Here’s the thing though. There’s plenty of research that shows that incentives are more potent in regulating behavior than are rules and regulations. I won’t cite studies here (ask me in the comments if you like) but the evidence is pretty clear: if you want someone to do something, you’re better off waving carrots around than you are threatening people with sticks.
P3P had no incentives for providers. And neither does DNT. And that’s a problem. We’re basically asking for-profit companies to abstain from a source of competitive advantage. And the same goes for advertisers who, for better or worse, are now able to target users with customized messaging. Are they going to give that up? I don’t think they will.
You might think I’m being cynical. Personally, I just think I’m being realistic. Schemes such as this depend on the compliance of multiple stakeholders, and so it makes sense that each stakeholder should be able to benefit. Why else would they comply? Why would anyone willingly make themselves worse off?
Incentives are the missing ingredient, and that brings us back to OPS.
A far-reaching idea
I’ve understood OPS to be more like DNT than P3P, the scheme it was actually part of. Like DNT, OPS didn’t have the restrictive quality that plagued P3P. It was more “User: Here’s what I’m willing to share, please use it to personalize my experience” and less “Provider: Here’s what we require; go somewhere else if you don’t like it.” Like DNT, it was (and is) more user-centered.
At the core of OPS was a browser-based privacy control panel with which users could control what information they were willing to share. It was something quite tangible; something with which users could experiment in an effort to find a balance that worked for them. Most importantly, it gave users the control they so desperately needed.
Unfortunately, that’s as far as OPS went. And from what I’ve been able to find out, it too relied on the well-meaning provider to abide by the rules. But OPS had (and still has) the potential to be so much more. So much so, in fact, that I think it could serve as the platform for a new privacy scheme, one that is beneficial to everyone—not just users.
Such a concept may strike you as rather utopian considering that users and providers/advertisers are all but diametrically opposed in their needs and wants. But that’s just the thing. They don’t have to be. In the right kind of scheme, this could be a win-win situation in which all stakeholders – users, providers, AND advertisers – can benefit. The question is: what could providers and advertisers possibly have to gain from a privacy scheme?
Tracking is no crystal ball
At present, providers can glean precious little actionable insight from a user visiting their website. That’s why they are so keen to have you sign up for an account; unless you willingly provide them with some rudimentary information about yourself, the most they can hope to find out is what city you’re from and what pages you visited on their site.
Providers do not know who you are unless you tell them yourself. And this fact has spurred an entire industry of companies concerned with one thing and one thing only: to find out as much as they can about you without actually having to ask your permission. KISSMetrics is one such company, and I’ve heard they’re doing quite well for themselves—ethical considerations notwithstanding.
Providers still can’t know who you are, but through the services of KISSMetrics and other companies like them, they do “know” that you’re looking to refinance your house, say, or that you are entertaining the idea of buying a new car.
They know this because they’re able to track your movements across multiple participating websites. You might, for example, recently have visited various car websites. Chances are that an advertiser would look at that information and think you’re the perfect target to which to pitch a new mid-sized sedan.
This information is far from perfect (the advertisers still don’t know who you are or exactly what type of car you are looking for), but the information they do have allows them to make an informed guess as to your needs and preferences, and that is much better than blindly shooting off ads in the hopes that one of them will find their way to a prospective customer.
Tracking is, in other words, a valuable tool to providers and advertisers alike. But the fact that it isn’t perfect has led to some less-than-desirable new services that (further) infringe on online privacy. What providers and advertisers want, in other words, is better insight. And they want it more than anything.
Rekindling OPS
What if we, as users, could give them that information in exchange for better service? What if we could trade our personal information and use it as currency? As users, we’d have complete control over who gets access to what information. And we’d be able to use that control as leverage in getting what we want. On the flip side, providers and advertisers would gain unprecedented market insight above and beyond what they now have access to.
The OPS privacy control panel is central to this idea as users would need some form of interface with which to manage their data. Everything from web history to psychographics could be incorporated in this panel – some of which could be handled automatically (e.g., websites visited, purchases made, geographic location) whilst others would need to be managed manually (e.g., income level, interests, preferences).
The only limitation I think we need to put on this panel is that all settings need to be “opt-in”. That is, every single setting must be turned off by default and only the user him or herself should be able to change this. Nothing should be shared without the user’s explicit consent.
Let me recap that because it’s important: nothing, and I mean nothing, should be shared without the user’s explicit consent. Ever.
If you’ve read my previous writings on this subject you’ll understand why I feel so strongly about this. Having to opt-out of something I may not want, I think, goes against the fundamental principles of the web. It’s not something I’d be willing to compromise on even though I understand that this fact may well prove to be a point of contention for providers and advertisers.
Why a contention? Because some are likely to argue that no user in their right mind would choose to share personal information about themselves. Especially not with for-profit companies looking to make a buck. But I don’t think that’s true. I think plenty of people would be willing to share information with a select number of providers and advertisers. Not all, mind you, but enough to make this interesting for all stakeholders. And that is, as you already know, the whole point.
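The opt-in rule above, expressed as a default-deny profile store in JavaScript. This is an added example, not part of the original post or of the OPS specification; the class `ProfilePanel`, its method names and the sample values in the comments are hypothetical.

```javascript
// Added illustration of an opt-in "Personal Profile" (hypothetical names).
// Rule modelled: every field is off by default for every provider, and only
// an explicit user grant, scoped to one provider origin, turns a field on.

// Normalise to scheme + host + port so "https://Cars.example/offers" and
// "https://cars.example" are the same provider, while http:// is not.
const originOf = (url) => new URL(url).origin;

class ProfilePanel {
  constructor() {
    this.values = new Map(); // field name -> value, held on the user's side
    this.grants = new Map(); // provider origin -> Set of opted-in fields
  }

  // Store a value (e.g. set("city", "Gothenburg")). Storing shares nothing.
  set(field, value) {
    this.values.set(field, value);
  }

  // The user explicitly invites one provider to read specific fields.
  grant(providerUrl, fields) {
    const key = originOf(providerUrl);
    const allowed = this.grants.get(key) ?? new Set();
    for (const f of fields) {
      if (!this.values.has(f)) throw new Error(`unknown field: ${f}`);
      allowed.add(f);
    }
    this.grants.set(key, allowed);
  }

  // Withdraw one field, or the whole invitation when no field is given.
  revoke(providerUrl, field) {
    const key = originOf(providerUrl);
    if (field === undefined) this.grants.delete(key);
    else this.grants.get(key)?.delete(field);
  }

  // What a provider gets back when it asks: only granted fields, and a
  // list of what was withheld so the panel can show the user the request.
  disclose(providerUrl, requested) {
    const allowed = this.grants.get(originOf(providerUrl)) ?? new Set();
    const shared = {};
    const withheld = [];
    for (const f of requested) {
      if (allowed.has(f)) shared[f] = this.values.get(f);
      else withheld.push(f);
    }
    return { shared, withheld };
  }
}
```

A provider that was never invited, or that asks over a different scheme or host than the one granted, gets an empty `shared` object back.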
In closing
OPS was initially described as “special software” to create a “Personal Profile”; something that providers and advertisers could tap into. And that is essentially still true. What’s new in this updated version is the fact that providers and advertisers must now be invited if they are to tap into this profile and, perhaps equally important, that the profile itself holds much more information than was previously the case.
This new version of OPS is different from P3P in that it doesn’t hurt business. On the contrary, it incorporates incentives that play to the needs and wants of providers and advertisers. And it’s different from DNT in that it minimizes the problem of enforcement. There won’t be the same need for providers and advertisers to use underhand tactics to retrieve paltry user data when a virtual treasure-trove of useful information is so “easily” attained. All that they need to do to gain access is give users something in return.
This “something” might be a limited-time subscription, access or exclusive content, or something completely different. It doesn’t really matter at this point. What’s important is that we acknowledge that there are alternative solutions to our online-privacy woes. And believe me when I say that “OPS Redux” may or may not be the best such alternative. But it’s an alternative and does have a crucial difference: it’s built around carrots rather than sticks. And that, I hope you’ll agree, gives it the potential to completely redefine the discussion around web tracking and personalisation.
Let me know what you think. Cheers /Andreas