Brandwashed (38 page)

“Cookies are used by virtually all commercial Web sites for various purposes, including advertising, keeping users signed in and customizing content,” the article went on, adding, “Bad as it was to be stalked by shoes, Ms. Matlin said she felt even worse when she was hounded recently by ads for a dieting service she had used online. ‘They are still following me around, and it makes me feel fat,’ ” she says.
³⁵

Last year researchers at the University of California at San Diego found that “a significant proportion of the 50,000 most-visited sites on the Web”
³⁶
were engaging in some manner of behavioral tracking—with some even employing an analysis known as “history sniffing,” which delves into our past browsing behavior to uncover what sites we’ve visited in past months or even years. (Note: as of writing this kind of tracking doesn’t work on Apple’s Safari,
Google’s Chrome, or Firefox, though it will work on Internet Explorer.) Similarly, sites like Perez Hilton, Wired, Technorati, and Answerbag employ an analytics service known as
Tynt.com
, which measures what articles users cut and paste, a spying protocol known as “behavior sniffing.”
³⁷

Experiencing a recurrent pain in your abdomen? Having trouble sleeping? Concerned about a relative’s depression? What do you do? I’m guessing you go straight to the Internet, where you quickly type in the symptoms. This is why some pharmacy chains are now monitoring our search patterns online. Imagine how valuable this data is for drugstores. Not only can they use it to send us offers related to our specific condition, but they know what health concerns are most prevalent in our geographic area or among our demographic and can alter their inventory or in-store signage accordingly. As of writing, a number of prominent consumer organizations are asking the FTC to investigate deceptive ads that pop up when we go online to hunt down medical or prescription drug information. Notes the consumer complaint, “Nearly $1 billion dollars will be spent this year by online health and medical marketers targeting the growing number of U.S. consumers who increasingly rely
on the Internet for information about medical problems, treatments, and prescription drugs.”
³⁸
Among the companies named in the complaint are Google, Yahoo!, Microsoft, AOL, WebMD, QualityHealth, Everyday Health, and HealthCentral. What’s more, as of writing, pharmaceutical and other health-oriented marketers are pressuring the FDA to grant them greater latitude to expand their online advertising, whether it’s through
data mining, Internet-search monitoring, or online behavioral profiling.

In short, even the most private details about our health aren’t safe from data miners.

T
hanks to
social media, our digital footprints have gone from a faint silhouette in the sand to a sprawling, multiclawed track that could easily belong to Bigfoot. One of the main culprits is the Web site everyone loves, loves to hate, and otherwise cannot live without, namely,
Facebook. Ready to know what they know?

Although Facebook’s much-maligned
privacy policies have generated a lot of controversy, they are fairly straightforward—that is, if you bother to take the time to read them. The site claims it does not share personally identifiable information with advertisers “unless we get your permission.” At the same time, Facebook does allow “advertisers to choose the characteristics of users who will see their advertisements”
³⁹
and retains the right to use any attributes the site has collected—including information you may have opted to keep private, such as your birthday—“to select the appropriate audience for those advertisements.” Scarier still, the site adds, “When (users) click on or otherwise interact with an advertisement there is a possibility that the advertiser may place a cookie in (their) browser and note that it meets the criteria they selected.” Which is just a confusing way of saying that if you click on an ad, that advertiser reserves the right to pull up as much information as your Facebook account permits and use it to sign you up for months and even years of “conveniently personalized” ads.

In the fall of 2010, a
Wall Street Journal
article made waves when it
revealed that nearly a dozen popular
Facebook apps, including Texas HoldEm Poker, FrontierVille, and
FarmVille, were sharing information (including users’ names and the names of those users’ friends) with at least twenty-five advertising and Internet-tracking companies, shattering all Facebook’s privacy rules and compromising the privacy of 70 percent of all those who regularly use apps on Facebook, even those who maintained the most secure privacy settings. Though no one was able to prove that Facebook had any prior knowledge of this breach, the shocking affair “renew[ed] questions about [Facebook’s] ability to keep identifiable information about its users’ activities secure,” the
Journal
reported.
⁴⁰

If this wasn’t enough to make you want to sell your virtual farm, disband your Mafia crew, and deactivate your profile, a few weeks later the other shoe dropped. This time, it was the
New York Times
that broke the story, revealing that in some cases Facebook advertisers (or, as the article put it, “snoops posing as advertisers”) could capture sensitive profile data, including users’ sexual orientations and religions (even though, as a policy, Facebook does not trade this information with marketers).

As an experiment, researchers in India and Germany created six separate Facebook user accounts. These accounts were identical except for one difference: in two of the six the (fake) user checked off that he/she was interested in persons of the same sex. Not surprisingly, gay-specific ads (e.g., ads for gay bars) soon began to pop up on the sites of the individuals who had revealed themselves to be gay, as did other ads that had no link to users’ sexual preferences. However, since these seemingly neutral ads appeared exclusively on gay men’s pages, if the user clicked on one of them and was taken to that company’s site, he would be dropping a “unique identifier” telling that company or advertiser that he was gay. And while the identifier, “typically a cookie or a computer’s Internet address,” does not necessarily disclose the identity of the person who clicked,” the
Times
reported, “privacy experts said an advertiser could potentially obtain the name in other ways and link it to the user’s sexual orientation, perhaps by asking the person to sign up for a newsletter or fill out a form.”

In a related experiment, a Stanford researcher placed an ad on Facebook targeting users based on their location, age, gender, interests,
and sexual orientation. She next placed a Facebook ad targeting those characteristics, including ads aimed at users interested in same-sex relationships. As the “advertiser” she was able to see whom Facebook had chosen to display that particular ad to—and could thus conclude that that person was gay. According to the
New York Times
, she concluded that someone could use this same technique to find other profile information supposedly protected by the privacy settings, including relationship status and political and religious affiliations, and that it could even be “on other social networks or Web sites, like Google and MySpace.”
⁴¹

True, no identifying names are involved, and true, Facebook doesn’t directly or deliberately share your personal information with advertisers (or if it does, I can’t prove it). Still, it doesn’t make it all that difficult for probing advertisers to get around its privacy control, either. In fact, the site is notorious for constantly changing and tweaking its privacy policy—and each time it does, it’s an excuse for the site to reset users’ privacy controls to a default setting. And after all, what is Facebook if not an incomparably rich database of information about every detail of our lives, and what is Facebook’s business model if not one of reliance on its partnerships with advertisers? Noting that someday soon Facebook will represent the “default single sign-on for the web,” the
Financial Times
imagines a nightmarish future fantasy in which “a user shares information about their eating and exercise habits on Facebook, and this is paired with other information, such as web browsing history, by any number of so-called ‘
data mining’ companies. These companies create a profile of the user that is sold to various parties, potentially including health insurers. Based on some of this unflattering information, the insurer decides to deny the user coverage.”
⁴²

I
f you want to keep your personal information away from data miners, I also suggest you stay away from
Foursquare, which not only stores any information you provide, including your IP address, browsing history, phone number, birthday, and more, each time you “check
in” somewhere but also reserves the right to “draw upon this personal information in order to adapt the services of our community to your needs, to research the effectiveness of our network, and to develop new tools for the community,” as well as to “provide aggregate information to our partners about how our customers collectively use our site.”
⁴³
Of course, Foursquare claims, “We share this type of statistical data so that our partners also understand how often people use their services and our Service, so that they, too, may provide you with an optimal online experience,” but this really means it reserves the right to share any of your information with third-party search engines, businesses, and advertisers—and in real time, too. And what happens if you broadcast your Foursquare location to all your buddies on Facebook, as most people do? Well, uh, then, “such information is no longer under the control of Foursquare and is subject to the terms of use and privacy policies of such third parties.”
⁴⁴
In other words, it’s fair game for all.

But perhaps the biggest thorn in privacy advocates’ paw is
Google, the king of the Internet, which has made it a corporate mission to “organize the world’s information.” Known for having the most sophisticated and predictive algorithms and data-tracking capabilities of any site on the Web, Google not only knows what you search for and links our accumulated search patterns to the computers we use, it knows what online videos you watch, what music you stream, what articles you read, what files you download, and more. It also knows what’s in your e-mails—which it scans automatically for the purpose of serving you up “contextual advertising,” that is, targeted advertising for products somehow related to something you’ve just e-mailed about. And of course, thanks to Google Maps, it also knows where you live, what books are on your shelves, what car is parked in your driveway, and whether or not there’s a wisp of smoke coming out of your chimney.

If you sign up for Google Buzz, an online service that’s also available via your smart phone, Google will know even more. Google Buzz works by bringing together all the information you post on various social media—including Facebook,
Twitter, Flickr, Foursquare, and Picasa—in one place. If you subscribe, Buzz not only will know who appears in your photos, what topics you tweet about on Twitter, and what you “like” on Facebook; it will “geo-tag” your Buzz post so
it will also know exactly where you are at all times. And since what Google Buzz does differently from other social media services is filter the information from people you’ve signed on to follow so that only the most popular content shows up in your in-box, Google will also know which individuals are the most valuable or influential members of your circle—in other words, which individuals are the most irresistible marks for advertisers.

Still, if you thought this was bad, wait until you find out how advertisers and data miners will use social media to brandwash you in the future. Software company SAS recently rolled out a product that can analyze the “chatter” across social media, including Facebook and
Twitter, and identify those who post the most influential comments and are therefore the best marketing targets. Last year a broad array of companies, including
Amazon, joined forces with Facebook. Now, if you opt into this particular alliance, not only will Amazon be able to see what books and music you—and any of your friends who have also opted in—deem cool and market to you accordingly, but if you view a product on Amazon, a little icon will tell you how many of your friends “like” it on Facebook. It’s
data mining meets peer pressure at its finest.

A
s if this digital spying weren’t enough, companies also have a lot of tricks up their sleeves for getting us to
voluntarily
divulge a whole lot of data. If you want to cash a paycheck at a
Walmart, for example, you must surrender both your Social Security number and your driver’s license information, and quite often your e-mail address. Guess where that information ends up? You guessed it, in Walmart’s headquarters in Bentonville, Arkansas. And if Walmart were working with a “data enhancement company” (which, as of writing, it’s not), merely divulging your e-mail address could reveal not just your name and address but also additional information about the value of your house and even the size of your mortgage.

Often we unwittingly give companies permission to share our personal information with other companies and advertisers by blindly
agreeing to “terms of service” or “license agreements” on sites like the
iTunes store. It’s no secret that companies bury all kinds of privacy waivers in pages and pages of writing so complex, tedious, and confusing only a member of Mensa using a microscope could decipher it. But take a guess how many people read these disclaimers, known in industry circles as “EULAs” (end-user license agreements)—before clicking “yes” or “I agree”? According to a 2009 study conducted by the New York University School of Law, of the 45,091 households tracked over a thirty-day period, only one or two per every thousand shoppers (that’s about 0.01 percent) spent longer than a single second reading a product’s EULA,
⁴⁵
and what’s more, the 2005 National Spyware Study by Ponemon Institute found that only 13 percent of people bother to read EULAs before they download free software.