dessalles

Hot on the heels of my post about Phorm, a company that’s partnered with ISPs to record every website a person visits, Adam Greenfield points us to Path Intelligence, a real-world counterpart to internet tracking. In short, Path Intelligence installs devices in shopping malls which triangulate mobile phones in order track the exact location and movement of shoppers. This “FootPath™” data is then used by mall and business owners to identify logistical faults and marketing opportunities: What areas are generating congestion? What stores do shoppers who frequent one store also regularly visit? What stores see more traffic on rainy days?

Looking at a demo of the Path Inelligence UI, I’m reminded of the heatmaps videogame developer Bungie produces with data gathered from online play of Halo 3. The heatmaps, which visualize the locations of kills and deaths by specific weapon types, are used by level designers to ensure playing fields are well balanced and kills are evenly distributed across the terrain (Does a map bias a certain weapon type? Does map asymmetry give one team an advantage?). What’s more interesting is that Bungie produces a heatmap of every players’ indivdual kills and deaths, and that data has proven to be an excellent strategic resource more serious competitors (Am I more accurate with the sniper rifle when firing from the tower or up on the hill? Should I be using the shotgun or rifle in narrow corridors?). But I digress… continue reading »

Over the last month or so, Phorm has faced quite a bit of scrutiny. The London-based company has partnered with a number of major British ISPs (British Telecom, Virgin Media and Talk Talk) to track the websites people visit in order to serve more precisely targeted ads. Of course, the digital privacy sirens were sounded full blast at first mention of this joint venture. Phorm argues their “technology doesn’t store any personally identifiable information or IP addresses”. Their site explains that a “random number” is assigned to each user and it’s impossible to connect that number back to a person’s identity. But we all know what happened to No. 4417749. If AOL’s fiasco taught us anything, it’s that the information being associated with these random numbers can frequently contain more information about an identity than the information being concealed by the random number in the first place.

Similar to the Phorm/BT partnership, Charter Communications, the fourth-largest cable operator in the US, announced this week that they’ll be tracking every site their customers visit and selling that data to ad-placement company NebuAd. What I think people find so objectionable with Phorm and NebuAd is they don’t seem to be offering anything of much value back to the consumer. If they were somehow enabling free/cheaper internet access (a la NetZero of the late-90s) or offering any sort of service of value that’s not strictly ad related, it might be a completely different story. But all they seem to be doing is introducing a privacy risk for what will most likely amount to a negligible increase in advertising relevance.

Anyhow, more interestingly, it’s time for me to ask my favorite question: What changes once a handful of ISPs begin tracking everything people look at online, when everything is recorded? The first behavioral response to Phorm’s technology has appeared in the form of software called AntiPhormLite… continue reading »

In his 2007 year-end wrap up, Matt Webb lays out a scenario for some social-software better served by a sign-in system that doesn’t rely on the standard username and password pair:

9
[...] The challenge I was thinking about was this: how would you design a sign-in system for a book club? Having them share a username and password doesn’t seem elegant somehow: although the information they keep online they want to keep in common, in the meat world telling one person a username and password doesn’t guarantee that knowledge passes to others in the group. So is there knowledge they do hold in common?

Perhaps the login system could be based around questions: ‘what is a name of a blonde person in your group?’ And let’s say, to sign in, you answer three questions: two which are known by the system and one which isn’t. The one which isn’t known is asked several times and the answers correlated. This becomes another known fact the system can use in the official part of the sign-in process. The problem I see here is that people from outside the group could also sign in, and this is also the problem with traditional passwords: with my weblog, it’s not the random stranger I want to prevent logging in–it’s the potentially malicious people I might meet, who are the people most likely to guess my password (except that I use a strong password, but you get my drift).

It’s an interesting concept – one that reminds me of the US Department of Motor Vehicles’ method for proving identity. Point values are assigned to different documents based on how authoritative they are as proofs of identity – a passport is 4 points whereas a high-school diploma is only 1 point. So a specific transaction requires a specific point total (e.g. 6 points to renew a driver’s license), and it’s up to the applicant to provide a collection of documents that add up to the required number of points. If we extend the DMV’s system to online sign-in, in addition to accepting a username and password, we might also accept other weaker forms of identification such as an IP address, user agent, a multiple choice question about the last action you took on the site or the title of the last book read by the club.

continue reading »