- From: Jules Polonetsky <julespol@futureofprivacy.org>
- Date: Thu, 3 Nov 2011 09:58:43 -0400
- To: "'Jeffrey Chester'" <jeff@democraticmedia.org>, <public-tracking@w3.org>
- Cc: "'Mike Zaneis'" <mike@iab.net>, "'Aleecia McDonald'" <aleecia@aleecia.com>
Today's story on mobile tracking provides additional background for why we should be including the app environment in guidance around how to exchange a DNT flag. Digiday: Daily, 11/3/11 Mobile Tracking Walks Fine Line on Privacy http://www.digiday.com/stories/mobile-tracking-walks-fine-line-on-privacy/ The mobile marketing industry faces a dilemma. On one hand, it desperately needs to address the lack of measurement and targeting capabilities that continues to inhibit its growth, but, on the other, it's at serious risk of angering both consumers and regulators by employing powerful tracking technologies behind their backs. Ultimately, most agree, the industry will benefit from being upfront about these practices from the outset to avoid the type of backlash seen around desktop ads. That would trigger regulatory scrutiny that could further limit its progress. Moreover, the personal nature of smartphones and tablets makes that transparency even more important. And yet, there are complications in such transparency. Mobile's major issue is its lack of cookies, the de facto standard for browser-based advertising. As a result marketers and vendors have sought workarounds, tapping into unique device identifiers, MAC addresses, and HTML5 storage to try to identify users. Following Apple's decision to limit access to UDIDs in its latest version of iOS, the adoption of device fingerprinting is also gaining traction. This is being done without most consumers knowing a thing. There is no notice given when a device is fingerprinted. "In mobile you're going to see a lot of new tech, so it's essential the privacy side keeps up," said Chris Babel, CEO of TRUSTe. "We got ourselves in a sticky situation with the desktop Web, and now we're recovering. . The industry evolved with 'hide it from the consumer' attitude," he said. Fingerprinting is an example of a mobile tracking method that's already taking hold. Mobile ad vendor InMobi says it's in the process of rolling the technology out across its network, for example, powered by technology from 41st Parameter. Every time a cellphone or tablet device connects to the Internet, it broadcasts information about its properties and settings, such as which browser and version it's running, its screen resolution, clock settings, and many more. Those individual pieces of information can be combined to build unique profiles -- or fingerprints -- that can be tracked as they move across the Web. Unlike cookies, fingerprints cannot be deleted as they identify devices themselves, rather than pieces of data placed on them. "Fingerprinting is where this is going to go in the next five years," Babel predicted, but the average consumer has no idea what it is or why it's being used. Meanwhile fellow fingerprinting tech provider BlueCava says it's already tracking millions of devices, mostly without the knowledge of the consumers using them. The company claims to have clients in the ad space but declines to name them, highlighting the sensitivity around the practice. Despite that, the firm's CEO, David Norris, maintains that it's in discussion to educate regulators around its technology. The company has no intention to "fly below the radar," he said. BlueCava has an opt-out mechanism on its website, but how would consumers even know if their device was fingerprinted? Few in the industry have heard of BlueCava, much less in the general population. According to research by TRUSTe, even simple consumer protections are virtually non-existent in the mobile arena, though. For example, the company found 77 percent of the top 300 Apple, Android and BlackBerry apps do not have privacy policies, prompting it to launch a free tool enabling them to easily create them. On the desktop, Web privacy policies are clunky and verbose, and designed to satisfy legal requirements rather than educate consumers. That being said, they at least offer some insight into what data is being collected and how it is being used. In mobile, however, developers and publishers are making virtually no attempt to disclose that information, supporting the "wild west" analogy that is frequently applied to the wider digital ad space. Because of the complexities and privacy concerns around mobile tracking, AOL is approaching the space with caution. It was evaluating fingerprinting technology from Ringleader digital earlier this year, but the firm went suggesting AOL backed away from those talks. "Over time we'll be able to take more advantage of the trackability of mobile, but we're not going to push that at all," said Trent Herren, who oversees the monetization of AOL products. "We'll do it very carefully and very slowly with mobile. Others will push the limits more quickly than we do, but our plan is to be conservative on that front," he added. According to Babel, the industry is doing a much better job around mobile privacy than it did on the desktop. Efforts from industry bodies such as the Digital Advertising Alliance and the IAB are helping drive progress, he said, despite the fact the mobile arena has already found itself on the receiving end of privacy-related Congressional hearings. "The evolution of how to educate consumers is right now," he said. "If we weren't having these discussions, I'd be very concerned." -----Original Message----- From: Jeffrey Chester [mailto:jeff@democraticmedia.org] Sent: Thursday, November 03, 2011 9:51 AM To: public-tracking@w3.org> Cc: Mike Zaneis; Aleecia McDonald; Jules Polonetsky Subject: Re: TPE Document, S2.3 P1 Mobile marketing applications for opt-out and opt-in require a special design, given the relationship between the dynamic content placed on the small screen and the combined behavioral targeting/location targeting business model. It requires an orientation to how the mobile screen and related applications are designed to foster data capture. For an example of how the mobile industry has failed to address these concerns in the latest proposed guidelines, see my: http://www.democraticmedia.org/new-mma-mobile-app-privacy-framework-fails-pr otect-privacy-annals-data-collection-foxes-running-stan
Received on Thursday, 3 November 2011 13:59:25 UTC