May 19, 2012

The Somewhat Strange Saga of Twitter's New Tracking

You may have noticed an array of articles in the media last week proclaiming that Twitter is now supporting the "Do Not Track" Internet browser initiative.

The U.S. Federal Trade Commission (FTC) was talking about it. Even the White House blogged about this yesterday.

Regular readers may know that I've become rather dubious regarding the essential value of "Do Not Track" as currently being envisioned and implemented (e.g. Do-Not-Track, Doctor Who, and a Constellation of Confusion), particularly as this is frequently entwined with the senseless "demonization" of Web cookies (Google, Safari, and a Clamor of Cookie Confusion).

Just yesterday we heard about a $15 billion dollar class action lawsuit against Facebook, related to cookies and tracking. Now, I'm most definitely no friend of Facebook -- I refuse to even use them other than maintaining placeholder accounts -- but this lawsuit appears to be ludicrous, blatant litigation abusive opportunism in action.

My view on cookies in this context is fairly simple. I find it disingenuous to attack cookie usage when no actual, purposeful, or significant privacy-related harm to users has occurred.

Which brings us back to Twitter and Do Not Track.

With all the talk of Twitter now supporting Do Not Track, I wonder how many people stopped to think, "Wait a minute, what is Twitter tracking in the first place for which Do Not Track is even relevant?"

The focus on Do Not Track had the effect of de-emphasizing the fact that Twitter has now begun to deploy a broad, cross-site tracking regime, which will track and correlate your visits to non-Twitter sites that include (for example) Twitter-related buttons or other elements, as part of new system to make Twitter follower suggestions and provide additional upcoming features.

In other words, Twitter's new embrace of Do Not Track is in conjunction with default enabled, cookie-based tracking that they weren't doing at all up to now, a fact that was not highlighted (or in some cases even mentioned) in most of those stories and articles about Twitter last week.

Now personally, I feel that Twitter itself is handling this in a responsible way. Twitter has provided various mechanism to opt-out of their new cross-site tracking. You can use the browser Do Not Track mechanism if you wish (though I continue to consider that suboptimal for various reasons). You can opt-out via your Twitter profile. You can log out of Twitter (this stops tracking until you log back in). Twitter also says they will start deleting your detailed tracking data after about 10 days from collection. Twitter has also been proactive telling people about this, sending out email notifications.

So I have no problem with the functional structure of Twitter's new tracking system itself.

Still, it is very similar in essence to the sorts of tracking systems for which Google, Facebook, and others have been criticized. Twitter's system, like those others, is opt-out in nature rather than opt-in, though in reality this distinction is much less clear-cut and much more complex than most people assume (see Opt-In Dystopias).

It is understandable that promoters of Do Not Track chose to emphasize that aspect of Twitter's announcement, rather than the new tracking system that Twitter is deploying.

And again, I think that Twitter is handling their new initiative in a responsible manner.

Yet I do feel that it is important for us to understand the essential commonalities in these systems, whether from Twitter, Google, Facebook, or anyone else. We should not be playing "litigation gotcha," with fundamentally innocent cookie issues being warped into weapons -- to try extract massive fines and settlements -- when no genuine harm was done to users in the first place.

Ultimately, all the technical details of cookies and JavaScript and the alphabet soup of Web protocols aside, our use of the Internet is based largely on the trust we place in firms to handle our data responsibly.

Whenever I say this, I frequently receive responses that assert, "They're all the same! They're all crooks! None of them can be trusted!"

But this is all demonstrably not the case. Different firms have different management and ethical sensibilities, and attempts to paint them all with the same brush are not only simplistic, but just plain wrong as well.

Of course, it's our individual judgments as to whom to believe, whom to trust, and which firms we choose to patronize. That's true in the Internet world just as in our "brick and mortar" lives away from these display screens.

At the very least, we should strive for these choices to be based on reality rather than conjecture, to be the result of reason and not of reckless rage.

Otherwise, no matter how much false satisfaction we might feel for now, we're all the long-run losers.

--Lauren--

Posted by Lauren at May 19, 2012 10:30 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein