NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] The Somewhat Strange Saga of Twitter's New Tracking

              The Somewhat Strange Saga of Twitter's New Tracking


You may have noticed an array of articles in the media last week
proclaiming that Twitter is now supporting the "Do Not Track" Internet
browser initiative.

The U.S. Federal Trade Commission (FTC) was talking about it. Even the
White House about this yesterday ( http://j.mp/M549ed ).

Regular readers may know that I've become rather dubious regarding the
essential value of "Do Not Track" as currently being envisioned and
implemented (e.g. "Do-Not-Track, Doctor Who, and a Constellation of
Confusion" - http://j.mp/kzePq4 ), particularly as this is frequently
entwined with the senseless "demonization" of Web cookies ("Google, Safari,
and a Clamor of Cookie Confusion" - http://j.mp/xGZRcT ).

Just yesterday we heard about a $15 billion dollar class action
lawsuit against Facebook, related to cookies and tracking.  Now, I'm
most definitely no friend of Facebook -- I refuse to even use them
other than maintaining placeholder accounts -- but this lawsuit
appears to be ludicrous, blatant litigation abusive opportunism in

My view on cookies in this context is fairly simple.  I find it
disingenuous to attack cookie usage when no actual, purposeful, or
significant privacy-related harm to users has occurred.

Which brings us back to Twitter and Do Not Track.

With all the talk of Twitter now supporting Do Not Track, I wonder how
many people stopped to think, "Wait a minute, what is Twitter tracking
in the first place for which Do Not Track is even relevant?"

The focus on Do Not Track had the effect of de-emphasizing the fact
that Twitter has now begun to deploy a broad, cross-site tracking
regime, which will track and correlate your visits to non-Twitter
sites that include (for example) Twitter-related buttons or other
elements, as part of new system to make Twitter follower suggestions
and provide additional upcoming features.

In other words, Twitter's new embrace of Do Not Track is in
conjunction with default enabled, cookie-based tracking that they
weren't doing at all up to now, a fact that was not highlighted (or in
some cases even mentioned) in most of those stories and articles about
Twitter last week.

Now personally, I feel that Twitter itself is handling this in a
responsible way.  Twitter has provided various mechanism to opt-out of
their new cross-site tracking.  You can use the browser Do Not Track
mechanism if you wish (though I continue to consider that suboptimal
for various reasons).  You can opt-out via your Twitter profile.  You
can log out of Twitter (this stops tracking until you log back in).
Twitter also says they will start deleting your detailed tracking data
after about 10 days from collection. Twitter has also been proactive
telling people about this, sending out email notifications.

So I have no problem with the functional structure of Twitter's new
tracking system itself.

Still, it is very similar in essence to the sorts of tracking systems
for which Google, Facebook, and others have been criticized.
Twitter's system, like those others, is opt-out in nature rather than
opt in, though in reality this distinction is much less clear-cut and
much more complex than most people assume (see "Opt-In Dystopias" - 
http://j.mp/c3VQiX [Lauren's Blog] ).

It is understandable that promoters of Do Not Track chose to emphasize
that aspect of Twitter's announcement, rather than the new tracking
system that Twitter is deploying.

And again, I think that Twitter is handling their new initiative in a
responsible manner.

Yet I do feel that it is important for us to understand the essential
commonalities in these systems, whether from Twitter, Google,
Facebook, or anyone else.  We should not be playing "litigation
gotcha," with fundamentally innocent cookie issues being warped into
weapons -- to try extract massive fines and settlements -- when no
genuine harm was done to users in the first place.

Ultimately, all the technical details of cookies and JavaScript and
the alphabet soup of Web protocols aside, our use of the Internet is
based largely on the trust we place in firms to handle our data

Whenever I say this, I frequently receive responses that assert,
"They're all the same! They're all crooks!  None of them can be

But this is all demonstrably not the case.  Different firms have
different management and ethical sensibilities, and attempts to paint
them all with the same brush are not only simplistic, but just plain
wrong as well.

Of course, it's our individual judgments as to whom to believe, whom
to trust, and which firms we choose to patronize.  That's true in the
Internet world just as in our "brick and mortar" lives away from these
display screens.

At the very least, we should strive for these choices to be based on
reality rather than conjecture, to be the result of reason and not of
reckless rage.

Otherwise, no matter how much false satisfaction we might feel for
now, we're all the long-run losers.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Data Wisdom Explorers League: http://www.dwel.org
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com

nnsquad mailing list