W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

RE: TPE Document, S2.3 P1

From: Jules Polonetsky <julespol@futureofprivacy.org>
Date: Thu, 3 Nov 2011 09:58:43 -0400
To: "'Jeffrey Chester'" <jeff@democraticmedia.org>, <public-tracking@w3.org>
Cc: "'Mike Zaneis'" <mike@iab.net>, "'Aleecia McDonald'" <aleecia@aleecia.com>
Message-ID: <004901cc9a30$b37a34a0$1a6e9de0$@futureofprivacy.org>
Today's story on mobile tracking provides additional background for why we
should be including the app environment in guidance around how to exchange a
DNT flag.

Digiday: Daily, 11/3/11
Mobile Tracking Walks Fine Line on Privacy
http://www.digiday.com/stories/mobile-tracking-walks-fine-line-on-privacy/
The mobile marketing industry faces a dilemma. On one hand, it desperately
needs to address the lack of measurement and targeting capabilities that
continues to inhibit its growth, but, on the other, it's at serious risk of
angering both consumers and regulators by employing powerful tracking
technologies behind their backs.
Ultimately, most agree, the industry will benefit from being upfront about
these practices from the outset to avoid the type of backlash seen around
desktop ads. That would trigger regulatory scrutiny that could further limit
its progress. Moreover, the personal nature of smartphones and tablets makes
that transparency even more important.
And yet, there are complications in such transparency. Mobile's major issue
is its lack of cookies, the de facto standard for browser-based advertising.
As a result marketers and vendors have sought workarounds, tapping into
unique device identifiers, MAC addresses, and HTML5 storage to try to
identify users. Following Apple's decision to limit access to UDIDs in its
latest version of iOS, the adoption of device fingerprinting is also gaining
traction. This is being done without most consumers knowing a thing. There
is no notice given when a device is fingerprinted.
"In mobile you're going to see a lot of new tech, so it's essential the
privacy side keeps up," said Chris Babel, CEO of TRUSTe. "We got ourselves
in a sticky situation with the desktop Web, and now we're recovering. . The
industry evolved with 'hide it from the consumer' attitude," he said.
Fingerprinting is an example of a mobile tracking method that's already
taking hold. Mobile ad vendor InMobi says it's in the process of rolling the
technology out across its network, for example, powered by technology from
41st Parameter. Every time a cellphone or tablet device connects to the
Internet, it broadcasts information about its properties and settings, such
as which browser and version it's running, its screen resolution, clock
settings, and many more. Those individual pieces of information can be
combined to build unique profiles -- or fingerprints -- that can be tracked
as they move across the Web. Unlike cookies, fingerprints cannot be deleted
as they identify devices themselves, rather than pieces of data placed on
them.
"Fingerprinting is where this is going to go in the next five years," Babel
predicted, but the average consumer has no idea what it is or why it's being
used.
Meanwhile fellow fingerprinting tech provider BlueCava says it's already
tracking millions of devices, mostly without the knowledge of the consumers
using them. The company claims to have clients in the ad space but declines
to name them, highlighting the sensitivity around the practice. Despite
that, the firm's CEO, David Norris, maintains that it's in discussion to
educate regulators around its technology. The company has no intention to
"fly below the radar," he said. BlueCava has an opt-out mechanism on its
website, but how would consumers even know if their device was
fingerprinted? Few in the industry have heard of BlueCava, much less in the
general population.
According to research by TRUSTe, even simple consumer protections are
virtually non-existent in the mobile arena, though. For example, the company
found 77 percent of the top 300 Apple, Android and BlackBerry apps do not
have privacy policies, prompting it to launch a free tool enabling them to
easily create them.
On the desktop, Web privacy policies are clunky and verbose, and designed to
satisfy legal requirements rather than educate consumers. That being said,
they at least offer some insight into what data is being collected and how
it is being used. In mobile, however, developers and publishers are making
virtually no attempt to disclose that information, supporting the "wild
west" analogy that is frequently applied to the wider digital ad space.
Because of the complexities and privacy concerns around mobile tracking, AOL
is approaching the space with caution. It was evaluating fingerprinting
technology from Ringleader digital earlier this year, but the firm went
suggesting AOL backed away from those talks.
"Over time we'll be able to take more advantage of the trackability of
mobile, but we're not going to push that at all," said Trent Herren, who
oversees the monetization of AOL products. "We'll do it very carefully and
very slowly with mobile. Others will push the limits more quickly than we
do, but our plan is to be conservative on that front," he added.
According to Babel, the industry is doing a much better job around mobile
privacy than it did on the desktop. Efforts from industry bodies such as the
Digital Advertising Alliance and the IAB are helping drive progress, he
said, despite the fact the mobile arena has already found itself on the
receiving end of privacy-related Congressional hearings.
"The evolution of how to educate consumers is right now," he said. "If we
weren't having these discussions, I'd be very concerned."


-----Original Message-----
From: Jeffrey Chester [mailto:jeff@democraticmedia.org] 
Sent: Thursday, November 03, 2011 9:51 AM
To: public-tracking@w3.org>
Cc: Mike Zaneis; Aleecia McDonald; Jules Polonetsky
Subject: Re: TPE Document, S2.3 P1

Mobile marketing applications for opt-out and opt-in require a special
design, given the relationship between the dynamic content placed on the
small screen and the combined behavioral targeting/location targeting
business model.  It requires an orientation to how the mobile screen and
related applications are designed to foster data capture.

For an example of how the mobile industry has failed to address these
concerns in the latest proposed guidelines, see my:
http://www.democraticmedia.org/new-mma-mobile-app-privacy-framework-fails-pr
otect-privacy-annals-data-collection-foxes-running-stan
Received on Thursday, 3 November 2011 13:59:25 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:22 UTC