Privacy and tracking

“I can’t believe you are wearing one of those,” they said while sneering at the Pebble watch I was wearing. Yes, that’s how someone introduced themselves to me at a conference last year. Apparently, I’m not allowed to wear smartwatches, or something. It wasn’t clear what their problem was or why they thought that was a good opening line. Best I can figure, it was some commentary on the hypocrisy of me wearing a smartwatch and claiming to be pro-privacy.

The thing is, I think I’m aware of how much information is out there about me, although I’m pretty convinced there’s even more than I think there is. The decisions we make about privacy and tracking are complicated. Do I take this 5% discount on something in return for having my purchases tracked? Do I participate in Facebook knowing they’re compiling a full dossier on me? Do I stay logged into Google? Does any of that matter?

We’re watched by corporations and they know a lot about us and what we do. Loyalty cards are ubiquitous and they’re purchase tracking devices. Many apps track us and send that data back to companies. Half of Palo Alto office space has been taken over by a secretive company called Palantir that is built on tracking and profiling people. Tracking is a fact of life.

Online we’re tracked all the time. Even if we try to avoid it, if we participate in almost anything online we’re tracked. In many cases, this is taken as implicit consent to be tracked. Being a part of a community we enjoy or using services that benefit us comes with the price of tracking.

Many people don’t really understand how ubiquitous tracking is. I’m sure I don’t, and I believe everything I do is tracked somewhere by someone.
I pointed out earlier this week that the company Unroll.me was using the access they had to consumer mailboxes to sell data they extracted from emails. I also pointed out there are other companies with access to mailboxes and that many email marketers are the target market for the data they’re selling.

Return Path commented on my post and clarified how transparent they attempt to be in their various data products. I’m sure they are; I know a lot of the folks at Return Path and I trust them. But that doesn’t scale. I can’t personally know the executives at every company I do business with and trust they’re not out to invade my privacy.

It’s a fact that the modern lifestyle includes tracking. That doesn’t mean we shouldn’t pay attention to apps and what access they have. But it does mean if we want to fully participate and have access we need to accept the price is some privacy invasion and tracking. What Unroll.me did might be unexpected, but it’s not unusual.

Related Posts

Privacy and being online

I have an email address that’s old enough to drink. It came to me today when I was discussing data hygiene. I mean, I have an email address that is old enough to drink! And it wasn’t even my first email address, it’s just the one I still have access to.
This realization led me down a path of what things have changed since I got that address.
I remember …
… when things posted on the Internet weren’t around forever.
… when Google bought DejaNews and made USENET archives more available.


September 2015: The month in email

September’s big adventure was our trip to Stockholm, where I gave the keynote address at the APSIS Conference (Look for a wrapup post with beautiful photos of palaces soon!) and had lots of interesting conversations about all things email-related.
Now that we’re back, we’re working with clients as they prepare for the holiday mailing season. We wrote a post on why it’s so important to make sure you’ve optimized your deliverability strategy and resolved any open issues well in advance of your sends. Steve covered some similar territory in his post “Outrunning the Bear”. If you haven’t started planning, start now. If you need some help, give us a call.
In that post, we talked a bit about the increased volumes of both marketing and transactional email during the holiday season, and I did a followup post this week about how transactional email is defined — or not — both by practice and by law. I also wrote a bit about reputation and once again emphasized that sending mail people actually want is really the only strategy that can work in the long term.
While we were gone, I got a lot of spam, including a depressing amount of what I call “legitimate spam” — not just porn and pharmaceuticals, but legitimate companies with appalling address acquisition and sending strategies. I also wrote about spamtraps again (bookmark this post if you need more information on spamtraps, as I linked to several previous discussions we’ve had on the subject) and how we need to start viewing them as symptoms of larger list problems, not something that, once eradicated, means a list is healthy. I also posted about Jan Schaumann’s survey on internet operations, and how this relates to the larger discussions we’ve had on the power of systems administrators to manage mail (see Meri’s excellent post here).
I wrote about privacy and tracking online and how it’s shifted over the past two decades. With marketers collecting and tracking more and more data, including personally-identifiable information (PII), the risks of organizational doxxing are significant. More so than ever before, marketers need to be aware of security issues. On the topic of security and cybercrime, Steve posted about two factor authentication, and how companies might consider providing incentives for customers to adopt this model.


Electronic records outside US not covered by US warrants

The 2nd Circuit Court of Appeals ruled against the Government today in US Government vs. Microsoft. The government is investigating a drug dealer and wants access to records held by Microsoft. Microsoft turned over metadata stored on US machines. But they refused to turn over the specific emails stored on machines in Dublin. The company’s position is that the federal government needs to follow the rules of the Mutual Legal Assistance Treaty between the US and Ireland.
This has been winding its way through the appeals court.
The court’s ruling today states “§ 2703 of the Stored Communications Act does not authorize courts to issue and enforce against U.S.‐based service providers warrants for the seizure of customer e‐mail content that is stored exclusively on foreign servers.”
An interesting ruling, and I see pros and cons to the ruling. It does complicate anti-spam enforcement a bit and make it easier for criminals to hide their data overseas while they might be in the US. But it’s already easy for them to do that. Many arrests of spam gangs and others for crimes committed on the Internet over email involve multiple law enforcement agencies across the world.
Full text of the ruling (.pdf link)
