The debate has begun over the Federal Trade Commission proposal to protect online privacy, which suggests that web browsers offer a "do not track" option that allows users to indicate they do not wish to receive targeted advertising or be tracked across different websites. Thus far, reaction has been predictably extreme. Some are suggesting that this policy will cause the death of the entire Internet economy. An editorial in the Silicon Valley Mercury News makes the questionable claim that, "Many consumers would be disappointed if they stopped getting personalized advertising." The leading browser software companies claim they already have robust features that allow users to opt out of being tracked online, which is kinda, sorta true, making the discussion even more complicated.
But step back from the issue a bit. Does anyone care if ads are targeted to them based on the content of the web pages they view? I don't think so. Does anyone care if an ad "follows" them from site to site because website are sharing information about your online viewing habits? It's a bit creepy at first, but if you think about it rationally, there's not a lot to get exercised about. If you look at a review on a Ford car on one site, and suddenly start seeing Ford ads on other sites you visit, there are far worse things in life, and at some level you have to respect the cleverness of this advertising technique.
But imagine if someone tracked the sites you visited, perhaps even the content you read, and built a giant database of detailed, intimate knowledge of your interests, your lifestyle preferences and possibly even your health concerns. Starting to get a little worried? The immediate response from those in the business is, "We don't know who you are. You're just an IP address to us." But what if someone matched your ostensibly anonymous IP address to an online registration database where you have supplied your name, address, email and possibly a lot more information? Impossible you say? Well, (dirty little secret) when you register online, it's common for the website operator to collect your IP address. As a data publisher, you know how easy it is to match two files that both contain a common unique identifier.
Some users think they can stay ahead of the game by deleting cookies from their computers after each browsing session. But Flash cookies contain lots more information than a standard browser cookie, and don't get deleted with regular cookies. To see the scope of this for yourself, search your hard drive for files with the unfortunate file extension "SOL." I found several hundred on my first try, all placed by parties unknown, tracking who knows what and passing this information on to who knows who.
The point is that in tackling the privacy issue, a distinction needs to be made between benign activity and the nefarious practice of secretly capturing and selling highly personal details to unknown third parties for unknown uses. Used responsibly, there's a valid place for sophisticated online tracking techniques. So we need to be very clear that the problem is not tracking itself, but what is being tracked and for what reasons. Don't throw the baby out with the bathwater.