[Feature Story]
[Do you trust the Web?]
by
David Sims
Managing Editor


Do you trust me?

If I tell you about new Web development tools and recommend some over others, will you believe me?

Now suppose I ask for some information about you: what's your name? Your job title? How much money do you plan to spend on your Web site in 1997? Are you looking to buy Java development software?

Now we're into a whole new area of trust, one where I'm asking for information that I may want to use or pass along to others, such as advertisers. Do you trust me with that information?

Do you trust the Web? Share your thoughts here.

[Web Board]

First time users need to make up a name and password.

A new survey from Georgia Tech's Graphics, Visualization and Usability Center reports that many Web users are suspicious of Web site publishers and hesitant to provide personal information online, especially where it's not clear how that information will be used.

In addition to finding that growth of the Web may be slowing (whew!), GVU found that privacy was the Number Two concern (26%), behind censorship, and ahead of navigation issues. Women rated privacy as their top concern. (Almost one third of the respondents were women; the average age was nearly 35 years old.)

GVU says more than 15,000 Web users responded to its Sixth WWW Survey, drawn to it by ads and posts on the Web in the fall of 1996.

Some critics on the Usenet say the GVU survey overrepresents more savvy Web users, rather than mainstream surfers. The high average age (nearly 35 years old) and high median income ($60,000+) may suggest these were mostly professionals with some connection to the computer industry.

Many of those who responded say they avoid Web sites where they must register.

Why don't they register?

  • 70% said they didn't know how the information would be used,
  • 66% said the risks outweighed the benefits, and
  • 39% didn't want to take the time.

What's more, one third of those polled had falsified information when registering for a Web site.

James Pitkow -- graduate researcher at Georgia Tech and visiting fellow at Xerox PARC -- says the survey reveals some interesting misconceptions.

"People are not tremendously educated about the information that's being collected," Pitkow says. "There's a disparity between what people think can be logged, what can be logged, and what they think should be logged."

Find out what cookies are, and what kind of data they can collect about you.
"Christmas Cookies Anyone?"
Web Review
December 20,1996
Specifically, as the Web audience grows beyond its traditional user base of academics and early adopters, the mainstream audience is increasingly unaware of the amount of data that servers are gathering about them.

Most people who took the survey agreed that publishers should have the right to log which pages were accessed and when, but less than half thought it was okay for servers to note the type of browser accessing the page -- a fairly common feature of most traffic programs. What's more, less than a quarter of users thought it was okay to collect more sensitive data, like the user's email address and location.

Tracking Footprints

DoubleClick's ad network

Forrester Research's report predicting the growth of advertiser networks. (BTW, you must register to read it :-)

What does this mean for publishers and advertisers who are building elaborate systems to track users and collect demographic profiles? The DoubleClick Network is a good example: a grouping of Web sites that share advertising resources, and across which a single user can be tracked and monitored.

DoubleClick says it uses a proprietary technology called Dart to register and track unique users visiting sites within its advertiser network (60 sites, including the Alta Vista and Lycos search engines, the Web Developers Virtual Library, MapQuest, Travelocity, Gamelan, and the Internet Movie Database). By doing so, DoubleClick says it has "compiled the most comprehensive Internet user profile database" allowing it to "dynamically match advertiser-selected target profiles with individual user profiles and dynamically deliver an appropriate, targeted banner."

DoubleClick doesn't track you by your name or email, but it does assign a number to you based on your computer's IP address. So they may know a lot about you, even if your name isn't part of it. Is that privacy?

Intermind Intermind, which collects demographic data from users when they register to download the Intermind Hyperconnector (which lets them subscribe to updates), says it only resells the information in aggregate, not in any personally recognizable from. Recognizing that gaining trust is a key way to win over subscribers, it has contracted a Big Six accounting firm to audit them.

Opt Out

Electronic Privacy Information Center

Center for Democracy and Technology

Electronic privacy advocates like the Electronic Privacy Information Center and the Center for Democracy and Technology want Web sites to notify users about what information is being gathered (and how it will be used) at the front door of their sites. Intermind, for example, asks for some demographic information when you register, but it tells you how the information will be used. On the other hand, you might surf from Alta Vista to the Internet Movie Database to Gamelan, and never be aware that you have been logged into the DoubleClick system.

"DoubleClick doesn't have personal information on you," Pitkow says. "But as a consumer, were you able to make a decision about whether you wanted to participate in their system?"

One way to guarantee privacy is through some form of government regulation. Last June, the Federal Trade Commission held a two-day hearing to explore the issues of online privacy, hearing from business and the privacy advocates. The FTC released its report on the hearings earlier this month, saying that while there's a broad acceptance of the importance of online privacy, opinions differ on whether government regulation is necessary. Generally, industry representatives say it isn't necessary, but consumer advocates say these technologies are inadequate without some governmental regulation.

The FTC's report on its June hearings, "Consumer Privacy on the Global Information Infrastructure." EPIC says the FTC sidestepped the important issues of anonymity, spamming, and selling information to third parties. The FTC has suggested more hearings, but none are scheduled.
HR 98, The Consumer Internet Privacy Protection Act However, a bill has been introduced that would make it much easier for consumers to own the data that Web sites collect on them. Rep. Bruce Vento (D-MN) introduced HR 98, the Consumer Internet Privacy Protection Act of 1997, on Jan. 7.

The bill prevents "interactive computer services" (including Web sites), from disclosing any personally identifiable information to a third party without written consent from the consumer.

Web sites would have to make their records available to anyone in them, and allow them to verify and correct the information. The FTC would have the power to enforce the law. It could shut down any Web site that breached its responsibilities, and consumers could take civil action.

eTRUST's Commercial Solution

eTRUST

Read Dale Dougherty's November 8, 1996 IMHO column, "Increasing Privacy, Decreasing Anonymity."

Threats of restrictive legislation have a way of kicking private industry into gear. (Witness the new TV show ratings.) Out of this discussion of lack of trust, the eTRUST initiative has emerged, aiming to place trustmarks on Web sites -- Seals of Good Secret Keeping, as it were.

eTRUST aims to put one of three recognizable icons on major Web sites, each of which tells the user what level of privacy they are guaranteed at that site. The three levels are:

  • No exchange (users are anonymous -- except, of course, for billing purposes);
  • One-to-one collection (the site may collect personal information, but they won't disclose it to anyone else); and
  • Third-party exchange (which means, they're selling or giving your information to others, with your permission).

Participating sites would be audited, either universally or on a spot-check basis. The program's backers include the Electronic Frontier Foundation, Coopers & Lybrand, the Boston Consulting Group, and CommerceNet.

Lori Fena of the Electronic Frontier Foundation, says the pilot program for eTRUST has launched with 40 participants -- and 400 more sites waiting in the wings to apply.

The goal is to standardize the disclosure process, so users understand how their data will be used. Fena says when users trust a site, they often don't mind giving up their personal information -- which they know is valuable to publishers and advertisers.

"People are more concerned about how it is going to be used than what information is being collected," she says.

It remains to be seen if that disclosure will be enough to convince skeptical Web users to open up and divulge the personal and demographic information that publishers and advertisers crave.


Do you give out personal information to Web sites?

If not, why not? Let us know.

[Web Review Contents]


Web Review copyright ô 1997 Songline Studios, Inc.
Web Techniques and Web Design and Development copyright ô 1997 Miller Freeman, Inc.
ALL RIGHTS RESERVED