No Spies Under My Bed

Computer spy

Currently, the only truly effective way consumers can stop the collection of their personal data when shopping is not to use the internet, to be paid and to pay for everything in cash, and to hide their money in their mattress.

More seriously, most of us will continue to use web services despite privacy concerns. You can try to opt-out of marketing schemes or reconfigure your web browser to reject advances from sites that offer cookies or install spying applications. However, most such rejections will prevent you from trading on most e-commerce sites altogether. So, cookies will crumble, there’s no two ways about it if you want to shop online or use web 2.0 interactive sites. You can, of course, use software to delete those cookies as soon as you’re finished your interaction with the site and so gain a little privacy and prevent the sites tracking where you went after you left when you visit a second time. But, either way, they’re going to get lots of useful information while the cookie lasts.

There is no single solution to preventing the increasing erosion of personal privacy on the Web, says Madan Lal Bhasin of the Business School SungKyunKwan University in Seoul, South Korea. Writing in the latest issue of the International Journal of Internet Marketing and Advertising (2008, vol 4, pp 213-240) he describes how new e-commerce technology has increased the ability of online retailers and others to collect, monitor, target and sell personal information about their customers to third parties.

Countless companies across the globe are doing just that in ways that were not dreamed of before the advent of the Web. Moreover, the emergence of so-called social media web 2.0 sites, such as MySpace and Facebook has led to a new generation of privacy issues that go beyond those seen with conventional e-commerce websites.

As such, online consumer and web user privacy is becoming an ever keener focal point among cyber activists as well as among governments and regulators. That said, when it is the governments themselves losing and abusing the personal data of millions of taxpayers (see recent UK news), then the notion of any government protecting one’s privacy becomes absurd. Nevertheless, in the long-term, finding a balance between absolute personal privacy and the smooth operation of commerce and social sites in cyberspace poses a significant challenge.

Bhasin and colleagues point out that are grave dangers for corporations that collect and use personal information, ignoring privacy legislative and regulatory warning signs. Indeed, such abuse could prove to be very costly not only in terms of putative fines from regulators but also through loss of business among customers increasingly aware of their privacy rights. In the worst-case scenario it is not beyond the realms of possibility that a company abusing standard privacy etiquette to the extreme could collapse should word spread and users boycott the site or mount retaliatory attacks of their own against the company’s web servers. Regardless, many companies can and do repeatedly flout the complex rules and regulations that govern privacy in the US, Europe, and elsewhere.

Technology that protects consumer privacy must work without stifling e-commerce. It must somehow be foolproof and be entirely transparent to end-users. Unfortunately, no such technology yet achieves this. There are countless personal software products, such as anti-spyware programs, cookie cutters, anonymous proxies, and other solutions, such as Firefox plugins like NoScript (which blocks all scripting on a website) and AdBlockPlus (which blocks advertisements). These can reduce the chances of private data being sucked from an individual’s web browsing habits.

However, there are hundreds of such programs each with a slightly different purpose. The field is heavily fragmented and many users are not only unaware of these programs they are also generally unaware of the existence of spyware and cookies. An additional problem arises when novice users having heard rumour of spyware, download tools without taking advice. There are well-known legitimate tools available. There are many instances of malware surrogates of those tools that often rank higher in the search engine results pages and so are more prominent. Installation of such rogue programs can result in deeper privacy compromises than the user hoped to avert.

Similarly, software that encrypts, deletes history files or shields your computer from apparently benevolent, but potentially malicious, applications is available but many users are again unaware of the issues intrinsic to using cyberspace and so do not use such programs. Rogue versions of every kind of protective software exist to exploit the novice user.

Legitimate e-commerce and web 2.0 sites have transparent privacy policies. These sites and others may also use online seals of trustworthiness and browser certificates that demonstrate credibility. However, such statements and badges are only useful if the companies that display them adhere to the underlying principles. Any company could wear a badge of honour, and yet even large, well-known companies do not necessarily comply fully with their own privacy policies and they allow trust certificates to expire. something many users simply ignore without realising the implications.

“Unfortunately, there is no ‘single’ solution to stop the erosion of privacy in cyberspace – no single law that can be proposed or single technology that can be invented to stop the profilers and spies in their tracks,” Bhasin re-asserts. He concludes that, “The battle of privacy, of course, must be fought on three fronts – legal, political and technological – and each new assault must be vigilantly resisted as it occurs.” Whether or not individuals will ever have the weaponry to win the battle is a different matter, we can try, but I suspect the only truly private approach is that bundle of cash stuffed in your mattress.