By Michael K. Campbell, September 4, 2008
The Microsoft Internet Explorer 8.0 team recently announced a new feature called "InPrivate Blocking," which curtails the amount of information you share with third parties about your browsing history. Personally, I can't tell if this new feature is designed to induce fear, uncertainty, and doubt (FUD) or if it's a decent idea. It looks like an oblique attack on Google. This month Google released a new browser (Chrome) to critical acclaim, but some of the data it will collect has me a bit paranoid. Does it sound like I'm contradicting myself? Very well, I contradict myself. Hear me out as I sort through the conflicts I'm experiencing over these modes of collection and protection.
My thoughts on Privacy
Unlike most topics, my thoughts on privacy aren't black and white.
On one hand, I believe that it's none of my business what someone else does, as long as they're not endangering me or society. Accordingly, I don't think that what I do should be anyone else's business (as long as those same conditions are met). For me, I want those same principles to extend to the behavior of government, big business, or anyone else. And I'm quite protective of anything that would seek to infringe on my rights or anyone else's.
I think there's more than one way to react to how privacy relates to security. Different people want to protect different things. I remember a cultural comparison from college that sheds some light on differing notions of privacy. It goes something like this: imagine two women from two different cultures on vacation on a beach. The woman from one culture might use a towel to cover her body from prying eyes, whereas a woman from the other culture might use the towel to cover her face and protect her identity. Their behavior is based on the type of privacy that's most important for them to protect. This comparison reminds me of today's debate over browser use privacy. I'm a bit squeamish about my data being collected and analyzed, but as long as that data collection process is anonymous, then I really don't care, because the data isn't directly associated with me. So let's see how this data collection works in IE8 and in Google's Chrome.
IE8's Privacy Ruse
IE security has come a long way. In fact, it's hard to believe it's the browser I swore off of a few years ago because of the problems it was causing. But part of me wonders if the new security solutions haven't gone a bit too far, especially InPrivate Blocking. Some have hailed it. I think that at best it's just feature creep, and at worst it looks like Microsoft is trying to play the privacy card a bit too hard. Or, maybe it's an attempt to try and thwart Google. I think that this security maneuver really won't accomplish anything—except to disrupt content-based advertising.
In other words, so what if some advertising network knows that I've been to a bunch of different sites? Unless they're able to tie my identity to that information and start using it to call me at home, or do something nasty with the information, I could really care less if they're just trying to make the ads I see a bit more enticing. And the only way for them to tie me to that information would be to get into cahoots with my ISP to root out my IP address, or to entice me to somehow give that information up. So, like the woman who covered her head with a towel, as long as my identity isn't revealed, I don't really care because my privacy is maintained through anonymity. I also think that Microsoft realizes this because they're not putting the kibosh on third-party cookies altogether, they're just arbitrarily limiting the number of sites (10) those cookies can track you over. If Microsoft really wanted to protect the privacy of users, they'd make it much easier to see what kind of data third-party plug-ins and ActiveX browser toolbar add-ons are sending from your browser to what might be truly spooky sites when it comes to privacy.
Google Enters the Fray
Google's entry into the browser wars strikes me as very logical. Their business model is web-centric, and browsers are playing a key role in terms of general application development. From what I've seen, it also looks like Google intends to compete—not just offer lip service. I'm impressed with Chrome's non-cluttered UI and its very fast page-rendering engine.
But as a content provider, or author, I'm quite concerned about a mysterious clause that was left in the browser's EULA. My hunch is that the clause is either just boilerplate, or some form of legalese (that needs to be rewritten) designed to prevent Google from being sued for indexing and displaying links to content. And assuming that's the case, as a content provider, I have no issues with Google's new browser. In fact, because I'm starting to dislike the way IE8 is shaping up in terms of targeted advertising, I'm hoping Chrome takes off and sees huge adoption.
However, as an end-user, I can't help but be concerned about potential privacy problems discovered by one astute reader of the EULA. Some people might be freaked out that Google can now record the names of the sites (actually the full-blown URLs) visited, but that really doesn't bother me. Of course, when I say that, I assume that my identity won't be linked to my behavior. Not that I have anything to hide, but, rather, it's no one else's business what I'm doing or what sites I'm visiting.
I start to worry when Google mentions using a unique application number for my use of the application to gather information on updates and usage information. It seems to me that it would be too easy for that information to somehow be used to reveal my identity. When I start thinking like this it produces a cascade of concerns—if I'm worried about Google releasing my identity, then shouldn't I worry about what my ISP knows about me as well? The web is a ubiquitous presence in our lives. When is it sensible to be concerned about privacy, and when does sensible worry cross the line into paranoia?