Labor endlessly to protect your privacy online — don’t join Facebook, treat Google like it’s trying to sell you insurance, shun Twitter, Instagram, Pinterest — and you might keep Madison Avenue off your tail.
Short of that, understand that your web habits get tracked by someone who sells them to advertisers.
That’s why you don’t pay dollars and cents to use a search engine, an internet browser or social media. Rather, you pay with data that advertisers crave.
Now the people you actually pay money to for access to the internet — typically your cable company — can get in on the data harvest.
Where does that leave Google in Kansas City?
As an “edge provider” whose business hinges on what happens once you get on the web, Google Inc. faces fresh competition from cable and telecommunications giants free to sell consumer data to advertisers.
But as Google Fiber — the niche subsidiary launched in Kansas City five years ago to prove that whip-fast internet speeds could be delivered to the home — shunning the data-for-dollars game might mean leaving money on the table.
Google isn’t saying much. Days after The Star sent messages to Google Fiber’s public relations team, a spokeswoman said questions about the issue should be answered by Google Inc. Those subsequent queries went unanswered.
Instead, the company issued a two-sentence statement: “Google Fiber values our users’ privacy. We have no plans to make changes to our current privacy policies.”
The company was also notably quiet during debates over whether internet service providers, or ISPs, should be allowed to mine consumer data.
“It was very frustrating that we couldn’t get Google to take a position on this,” said Jeremy Gillula, a senior staff technologist at the Electronic Frontier Foundation. The group had pushed to bar ISPs from collecting and selling information about customer internet use.
Google wrote to the Federal Communications Commission in October arguing that “implied consent” — the idea that data can be shared unless consumers go out of their way to forbid it — “is appropriate. … This model is familiar to consumers, has worked well for them for many years, and contributed to today’s thriving, innovative, and free Internet.”
Near the end of the Barack Obama years, the FCC moved to stop ISPs from warehousing user data for possible sale. Cable and telecommunications giants had largely stayed out of the business in anticipation that the feds would stop them soon enough anyway.
Then, before those rules took effect, Congress and President Donald Trump wiped the limits away.
Now those ISPs can wade into the waters that made Google’s algorithms bloom into billion-dollar profits.
Tech website Recode reports that Google took in $79 billion in ad revenue in 2016, followed by Facebook with nearly $27 billion. Together, one in five advertising dollars on planet Earth passed through the two internet giants last year. Analysts expect online ad revenue to eclipse television buys this year.
Industry groups say there should be more data mining, not less. The ability to transform data about web surfers into advertising income, they argue, built the internet into an economic powerhouse. The Data & Marketing Association said ad-supported internet services pumped $1.1 trillion into the U.S. economy last year.
“This is made possible by the responsible use of data-driven marketing,” industry lobbyist Emmett O’Keefe wrote in a blog post in April. “What are the results of this model? … The most staggeringly successful and innovative economy the world has ever known.”
For years, regulators have been stuck trying to apply rules drafted for old-fashioned hard-wired telephones to the far more complex world of the internet. After a series of court rulings, the Obama-era FCC set pending rules for ISPs. They’d need permission in advance — customers needed to opt in — before the companies could share a range of things such as location, financial and health data, Social Security numbers and web browsing history.
Less touchy data were available for sharing unless customers deliberately opted out. The rules did not restrict what data websites could stockpile. So Google Inc. would be off the hook. Google Fiber, like the cable and telecom industries, would fall under tighter regulation.
New FCC Chairman Ajit Pai said in March that dynamic created “privacy regulations designed to benefit one group of favored companies over another group of disfavored companies.”
This spring, Congress and President Donald Trump ditched that, took the FCC out of privacy regulations, and opened the way for ISPs to harvest data.
Amen, said cable and telecom companies. Much of their objection focused on what they said were onerous regulations that they argued didn’t increase consumer privacy.
The real tracking of consumer behavior, they contended, comes from websites and mobile apps.
“Go to WebMD, and your browsing data is accessed by 24 different companies,” wrote AT&T lobbyist Bob Quinn in a blog post last year. “Add in The Weather Channel, Facebook and CNN and that number leaps to 119. Edge providers, not ISPs, are the clear market leaders in tracking consumers and monetizing consumer online data.”
Cable and telecom companies tend to be coy about their plans to market customer data now that the rules are changing.
“If a customer does not want us to use other, non-sensitive data to send them targeted ads, we offer them the ability to opt out of receiving such targeted ads,” Comcast’s chief privacy officer, Gerard Lewis, said in a post on the company’s website in March.
Charter, the cable behemoth that swallowed Time Warner Cable and now sells under the Spectrum brand in Kansas City, says it’s integrating the various privacy policies after the merger. For now, Charter says, it doesn’t sell web browsing history or share customer information to outside marketers or advertisers.
“In the event that we change these business practices,” it said in a web post in March, “we would provide customers with notice and choice before utilizing such data for marketing or advertising purposes.”
All those company policies are subject to change by the corporations.
There’s some evidence that few customers care about the privacy implications, or at least enough to pay for it. Google’s empire, for instance, was built on an implicit deal: free search, online storage, email, internet browser and the like in return for tracking privileges. Or as the saying goes, if something’s for free, you’re the product.
In 2014, AT&T offered home internet speeds to compete with Google Fiber’s gigabit connections. It sold two varieties. One went for $100 a month with a promise that the company wouldn’t track the to-and-fro of data. The second was priced at $70 with a note that customers’ internet preference would be tracked and influence the ads they were fed.
Few customers ponied up the extra $30 for extra privacy, but amid criticism over the tracking, AT&T in 2016 shifted all those customers to the $70 plan without special data-driven ads. Still, the company said in a statement that “it’s important for companies to be allowed to innovate. … Advertiser-supported programs are always something we’ll consider.”
Privacy purists say the fewer data miners, the better. Some also see a difference between letting ISPs collect data and the longstanding practices of edge providers like Google.
People can explore the internet without using services that track behavior. Instead of finding websites with a Google search, for instance, they can use engines such as DuckDuckGo that promise not to collect personal information or dog you with ads. They can use cloud storage services like DropBox or Kansas City-based SpiderOak instead of Google Drive.
But because you need an ISP to reach the internet, all your traffic moves over its lines. It can track whatever websites you go to. (The alternative is to use a virtual private network, or VPN, but using one requires the know-how to configure your connection, the time to do that and extra fees to the companies that operate them.)
“While there are alternatives to Google and Facebook, most Americans have limited home ISP alternatives,” wrote Evan Dashevsky in PC Magazine in a piece urging people to use VPN services. A tracking OK to ISPs “gives a green light to unescapable corporate data mining. You and your data are captives.”
Those companies selling internet service may ultimately compete on do-not-track promises, said Gillula of the Electronic Frontier Foundation. Kansas City, with more ISPs than most markets, may pose a test. But many homes still have only a single company to choose from.
“The majority of the country doesn’t have more than one choice for high-speed broadband,” he said. “Your ISP spies on you, or they don’t. You’re stuck.”
Some privacy critics worry that by simply compiling data, ISPs create yet another target for hackers or potential evidence troves for law enforcement — yet another cybersecurity vulnerability in your life. Driven by their company policies and remaining federal rules, data collected from your internet use is typically aggregated with that from other consumers, stripped of information that ties it to a name and then sold.
But those privacy measures aren’t foolproof. In 2007, University of Texas researchers Arvind Narayanan and Vitaly Shmatikov demonstrated that by matching movie reviews from Netflix and IMDB, they could identify some people from databases that had ostensibly been anonymized.
“It’s really wrong,” said SpiderOak founder Alan Fairless, “for both sets of companies to be doing this.”