dessalles

Over the last month or so, Phorm has faced quite a bit of scrutiny. The London-based company has partnered with a number of major British ISPs (British Telecom, Virgin Media and Talk Talk) to track the websites people visit in order to serve more precisely targeted ads. Of course, the digital privacy sirens were sounded full blast at first mention of this joint venture. Phorm argues their “technology doesn’t store any personally identifiable information or IP addresses”. Their site explains that a “random number” is assigned to each user and it’s impossible to connect that number back to a person’s identity. But we all know what happened to No. 4417749. If AOL’s fiasco taught us anything, it’s that the information being associated with these random numbers can frequently contain more information about an identity than the information being concealed by the random number in the first place.

Similar to the Phorm/BT partnership, Charter Communications, the fourth-largest cable operator in the US, announced this week that they’ll be tracking every site their customers visit and selling that data to ad-placement company NebuAd. What I think people find so objectionable with Phorm and NebuAd is they don’t seem to be offering anything of much value back to the consumer. If they were somehow enabling free/cheaper internet access (a la NetZero of the late-90s) or offering any sort of service of value that’s not strictly ad related, it might be a completely different story. But all they seem to be doing is introducing a privacy risk for what will most likely amount to a negligible increase in advertising relevance.

Anyhow, more interestingly, it’s time for me to ask my favorite question: What changes once a handful of ISPs begin tracking everything people look at online, when everything is recorded? The first behavioral response to Phorm’s technology has appeared in the form of software called AntiPhormLite…

AntiPhormLite runs independently and silently in the background of your PC. It connects to the web and intelligently simulates natural surfing behavior across thousands of customizable topics. This creates a background noise of false information disguising and inverting your own interests.

I touched on this idea before and what it boils down to is: When everything is recorded, privacy is accomplished by distributing misinformation, as supposed to withholding sensitive information. In other words, if you can’t prevent information from entering the system, just flood it with noise. That’s all well and good in an anti-advertising context, but when we step back and consider the system we’re talking about is a maturing communications network (the Internet), such practices can be extremely unhealthy.

Because what happens if the same technique is employed as a privacy solution in social contexts? The promise of many social web services is the possibility of getting to know new and interesting people. As a result, users are in a continual three-way balancing act: How do they maintain their privacy and share personally interesting information with friends, all while remaining accessible to acquaintances and strangers not yet part of their inner social network? What happens when a twitter user, with a desire to keep their tweets public, is forced to lie to achieve short-term privacy? How does that impact twitter’s credibility as a communications platform? (I wonder what percentage of tweets are in fact lies or of questionable truthiness? Any guesses?) What happens when it’s easier for a user of a location-based social network to lie about their location than continually fiddle with privacy settings? Are these life-casting applications sustainable when users have no clear sense as to the level of trust they should expect from and invest in these services?

Obviously I’m being overly alarmist here, but I think it’s sometimes worth thinking about such questions with some amount of despondency.