Online Privacy Issues
We receive many questions asking us about what tracking services can and can’t do, questions about ‘online profiling’, ‘digital blueprints’ and leaving a ‘data trail’. We have posted numerous articles on the site explaining what tracking services can do.
In this article you will find definitions of:
- Merging clickstream data & personal information
- Personal contact information
- Personally identifiable information
- 'Computer information'
- Internet protocol (ip) addresses
In this article you will find discussion of:
- Why we wrote this article
- Collecting clickstream data
- What is done with this data
- Capturing email addresses
- Tracking of individuals
- The trade-off in privacy
We receive many questions asking us about what tracking services can and can’t do, questions about ‘online profiling’, ‘digital blueprints’ and leaving a ‘data trail’. We have posted numerous articles on the site explaining what tracking services can do. In this article, we explain what tracking services, and Opentracker in particular, cannot do.
Privacy is an important topic on the internet. Much of the discussion is characterized by hype, and preys on fear. This is apparent from looking at the wide range of ‘spyware protection’ products available on the internet, and the language used to promote these products. Without knowing the realities of how their surfing patterns are tracked, and what is done with that information, many internet users are understandably concerned.
The essential point repeated throughout this article is that by far the vast majority of information collected is in no way connected to personal contact information.
The primary reason for this is that email addresses are not transmitted by surfing.
What is the purpose of this article?
We have written this article, in the hopes of providing information to increase public awareness of what is done with tracking information.
The specific issues we address are anonymity, email addresses, and personal contact information.
Privacy is a topic of great concern on the internet. This is especially the case as many privacy and surfing issues are non-regulated.
At the moment technology is changing very quickly, so that it is difficult for rules and procedures to be established and enforced, as change is the only constant. Perhaps the greatest cause for concern is the unknown. Surfers do not know when and if they are being tracked, who collects that information, how it is done, and for what purposes.
We hope that by explaining what tracking services in general, and Opentracker in particular, can and cannot do, that we can help to dispel some myths. We feel that fear, while a good way to sell protection products, is not a rational basis for developing privacy guidelines or stimulating discussion. Technically speaking, the 'anonymous surfing' that many protection products guarantee is already the status quo.
Of course there are many legitimate security concerns, particularly in terms of viruses, but in terms of privacy the dangers are often over-hyped. The primary concerns, as we see them, are information security, in terms of safe data transferal, back-up, and storage of data, and the encryption and safety of information such as credit card info, passwords, etc.
The main information that tracking services collect: clickstream data
In terms of individual information relating to surfing habits and patterns: clickstreams, or click-paths, comprise the essential data that we collect.
The clickstreams that we record on behalf of our clients are not attached to physical or electronic contact information of the people who are visiting the websites. In other words, there is no information that connects people to the statistics we are recording. We do not collect email addresses of surfers. This means that there remains an essential element of anonymity.
The possible exception to this is the IP (internet protocol) address. IP addresses, however, are owned by companies and the ISPs who provide them to their customers. This means that in the great majority of cases this information cannot be used to locate a specific user, unless the ISP itself, or company, make that information public.
The clickstreams that we collect are coupled with a visitor’s profile. Each profile contains technical stats of visitors, also known as ‘computer information’. Computer information is different from ‘individual profiling’ and ‘online contact information’. Computer information tells us the technical specifications of a user’s browser: their screen resolution, operating system, router, ISP, etc. This information is not linked to personal contact information.
On our site, we provide a link to ARIN a public IP lookup database. The contact information provided by ARIN can put you in touch with the owner of the IP address of your visitor. Most often, this is the ISP corporation that owns the IP number. The exception is larger companies that do not outsource their internet infrastructure.
We have provided an example of a clickstream and personal profile to the right, which you can enlarge by clicking. If you would like to interact with a clickstream, please login to our demo and take a look. For starters, you will able to see your own clickstream across our site.
Capturing email addresses
The question we receive most is about the possibility of capturing the email addresses of people who surf on a website. As far as we know: it is not possible to automatically collect the email address of a person who surfs to a website. That does not mean that this technology does not exist, or that somebody is not developing it, but that we have not heard about it.
The technical reason that we are not able to capture a visitor’s email address is that this piece of information is not listed in a user’s browser. The information that tracking services record comes from the user’s browser.
What can and does happen is that a person voluntarily enters their email address for one reason or another. The obvious examples are logging in, entering contact info for an online purchase, signing up for newsletters, and "unsubscribing" to spam. Again, to our knowledge, this is the only way that email addresses are captured.
It is possible to purchase email address lists that have been compiled by companies who sell this information.
As a precaution, if you are concerned with your privacy, setup an email account that you always use to fill in a required email field, if you are not sure where the information is going. Do not connect your physical contact information to this email address.
It is important to keep in mind the possibility that once a person has entered their email at any point into a site, their email address can be stored with their clickstream in a process called tagging. This means that a connection can be made between, for example, login info, and clickstreams. This possibility would lead to a direct connection between surfing habits and personal contact information. That means that Amazon.com, for example, have the potential to keep a record of every page a visitor has looked at on their site, and combine this information with purchase history, and billing details.
An important aspect of this potentiality to remember is that each site can only see what visitors have done on their site, not across the entire internet. That means that the internet is still highly compartmentalized, in terms of tracking surfers.
What happens in the scenarios presented by privacy advocates is that ‘personally identifiable information’ is collected so that ‘online contact information’ (email address) may or may not be merged with ‘physical contact information’ (billing address). This is called ‘merging clickstream data with personally identifiable information’. This is an understandably worrying scenario presented by privacy advocates, in which a person might receive a catalogue in the mail advertising similar products to those viewed online. In this sense, it seems to be sexual products and information related to adult-content websites that calls for safeguards to individual privacy.
So what is the information that we collect designed to do?
The scenario presented above is a worst-case scenario. In the case of Opentracker, there is no personal contact information linking a particular person or email address to a clickstream. We do not collect email addresses. The only personal piece of information captured is the IP number. IP addresses are owned by the companies (i.e. aol, sprint, earthlink) that provide them to their customers. Additionally, some companies and corporations are introducing round-robin IP numbers, whereby IP addresses are re-assigned on a regular basis.
This means that in the case of tracking services similar to Opentracker, the user’s anonymity is preserved. Anonymity is defined as a condition in which ‘your true identity is not known’.
The information that we collect on behalf of our clients is designed to be aggregated and used to identify traffic patterns. This activity is referred to by one privacy group as ‘affirmative customization’. We do not engage in ‘individual profiling’, nor do we provide ‘online contact information’.
The information that we collect and present is passively generated by users browsing through the site’s of our clients.
The information that we collect is designed for various purposes. Essentially, it tells webmasters what is happening on their sites. The information is designed for purposes of marketing, advertising, updates, ad campaigns; essentially content management. By studying clickstreams, webmasters learn which pages are important and which pages need help. They learn about their traffic, i.e. what countries it comes from. The data is aggregated to give a lot of averages: average number of pages viewed, time spent, etc.
Additionally, we do not sell, lease, trade, etc, the information that we collect to anybody. It ‘belongs’ to the webmasters of the sites that we measure.
Tracking of individuals
Specific to individuals, we track visitors over the long term. That means that for each visitor to a site, we maintain a record of every click they have made on a website. We can only do this for the pages on which our code is installed. It is possible for webmasters to inspect these clickstreams, and see what an individual did over many months. The only ‘name’, or ‘tag’ that these visitors have is the time of the last click that they made.
Therefore, technically, visitors remain anonymous, as there is no contact information linking a person to their clickstream. Visitors remain statistics collected together into aggregated site stats. These site stats reveal, for example, that the average visitor comes to a site’s homepage 2 times a week, and stays there for X amount of time.
The trade-off in privacy
This is a quote from a privacy advocate group:
"However great the potential benefits of online tracking, they remain incomparable to the grave implications of Internet users' loss of privacy."
While we acknowledge the potential for concern. We feel that by using the aggregated statistics that we provide, our clients can make their websites responsive to the surfing and clicks made by their visitors. The point here is that the internet can become increasingly interactive, when traffic statistics and analysis are applied. If webmasters do not know what is happening on their sites, there is simply too much guesswork involved.
Obviously there is a very real concern for a lot of people that their privacy is somehow being abused. We would like to respond to these concerns, primarily through education, but also by opening up a dialogue on any related questions or ideas. Please feel free to write to us, or post any feedback on our forum.