Download Give Users Back Control over their Data

Position Paper Give Users Back Control over their Data Give Users Back Control over their Data Position Paper Evangelos Markatos FORTH and University of Crete [email protected] Motivation: The erosion of privacy Over the past few years we have been witnessing the erosion of user privacy on the Internet. On‐line sites, advertisers, and trackers, steadily and relentlessly accumulate personal data: which web sites users access, what kinds of news they read, what videos they watch, what kind of music they listen to, what books they read, and so on. The collected data about web users may be shared and re‐processed over and over again across several different organizations both in real‐time and off‐line at a later stage. At the time of this writing (end 2015) it is not uncommon for a web page Imagine walking into a local store where the owner to include tens of different trackers sticks on you a tracking device – a badge, which can which are informed each and every track you down every time you visit the store – or time a user visits the web page. For any other store in town for that matter and look at example, recent research 1 suggests an item on display! that the home pages of popular This is exactly the offer most web users are being newspapers load between 30 and 60 given today on‐line! trackers in their home page. To make it simple, every time a user visits the home page of these newspapers, about 30 to 60 trackers are informed of this visit. To continue monitoring the user after leaving the newspaper web site, these trackers usually supply each user with unique cookies which will later follow the user all over the Internet. Thus the trackers will be able to track the users’ browsing behavior even when the users browse away from the newspaper web site. 1
http://www.mondaynote.com/2015/07/20/20‐home‐pages‐500‐trackers‐loaded‐%E2%80%A8media‐
succumbs‐to‐monitoring‐frenzy/ 1 Position Paper Give Users Back Control over their Data The problem: when did trackers become so prevalent? Over the past few years we have seen trackers become increasingly prevalent. Lots of web pages out there load tens of trackers, and provide their users’ data to the trackers. Unfortunately, it is not clear how much more this model can be sustained. It is not just the loss of performance that slows down access to tracker‐loaded web pages; it is not just the sharing of the browsing histories with advertisers that may pest web users with ads; it is not even the persistent cookies which are difficult, if not impossible, to delete; it is the loss of trust between the users and the content providers that comes when users realize that their data and browsing history are delivered to trackers they have never heard of.2 Such users will probably resort to ad blocking reducing the revenue for trackers and avertisers. Indeed, recent data suggest that more than 21 billion US dollars are expected to be lost in 2015 due to ad blocking.3 The Solution: is there a middle ground? When trackers became more prevalent, users responded with ad (and cookie) blockers: they install specialized software that blocks all tracker information and all tracking cookies. Although, this protects web users from being tracked, it is not clear that it leads to a sustainable business model for the web. Indeed, if every Internet user blocks all cookies and all advertisements, this may have a significant impact to the sources of revenue for the Internet service providers and may lead to a completely different web from what we currently know. It is possible that these extreme approaches that we see today may lead to a race between trackers and blockers: trackers will become more sophisticated in tracking using technology well beyond cookies, blockers will respond by blocking even more information, trackers will respond back with even more covert tracking, blockers will respond again, and we will probably get involved in an endless cycle. Instead of playing a tug‐of‐war between trackers and blockers, we propose to explicitly acknowledge each other’s needs and try to benefit each other by capitalizing on their common interests: 
Trackers should be more transparent: they should clearly state what kind of data they need and refrain from collecting more. Trackers should provide incentives to users to convince them to share their data. Such incentives may be bonus points, purchase 2
It is true that several (if not all) of these web sites ask the permission of their visitors to use cookies. Unfortunately, if the user does not provide his/her permission, the web sites just do not function anymore. It is like going to a local store where the owner asks for your permission to tell his/her friend that you visited and to provide you with a badge that can track you when you go to other stores in town: you may refuse the badge, but then you will not be allowed to enter the store. This is exactly where we are with respect to web tracking today! 3
https://pagefair.com/press_release/pagefair‐2015‐report/ 2 Position Paper 
Give Users Back Control over their Data discounts, coupons for future purchases, etc. Trackers should be encouraged to compete with each other for the user’s data. This will create a transparent healthy market that will provide users with clear choices. Users will be provided with a wide variety of options including: (i) block everything (much like today’s cookie blockers do that block all cookies requested by the user), (ii) share everything (much like today’s web operates where once the user clicks “I agree” receives all kinds of cookies), or (iii) explore the middle‐ground. In this middle ground, users might take advantage of offerings provided by trackers and might be willing to share some of their data, especially, if the offerings look like opportunities the users have encountered in the past. For example, lots of users use super‐market loyalty cards. Such cards offer users specialized discounts, coupons, and a variety of offers. Lots of super‐market customers are happy with these loyalty cards and use them on a regular basis. Even better, those customers who do not want to, can just not use the loyalty cards.4 Next‐generation trackers may follow a similar approach to the benefit of their users. Policy Recommendations: 

Support Research in the area of Privacy and Data Transparency. Currently there is very little transparency on the web today. Users are asked for their data but do not know which data exactly will be collected and what will they be used for. This research will allow users to get real control of their data and will create a healthy open market where trackers will be able to transparently use the data provided by the users. Require web sites to provide service even to users that refuse to accept third‐party cookies or any other third‐party tracking information. Currently, if users do not consent to accept the provided cookies, they receive very poor service, if any at all. Such poor service would not be tolerated in real life situations. For example, most of the services we take for granted (e.g. hotels, restaurants, stores, etc.) in real life cannot refuse their services unless they have a very good reason. Maybe what we take for granted in real life should also be enjoyed by all citizens in cyber space as well. 4
Imagine walking into a real brick‐and‐mortar super market today where the first thing you notice is a barrier reading “This super‐market uses loyalty cards”. Imagine not being able to walk past the barrier unless you say “I agree”. As absurd as it may sound, this is exactly where most web sites are today: people just cannot get passed the home page of most cookie‐using web sites unless they click “I agree”, “I get it”, or something similar. 3