Nope. When you enter someone else’s place of business, you have no expectation of privacy.
That's not true at all. When I go to the hardware store to buy a box of nails, I don't have any expectation for the owner to begin following me around for the rest of the day (and in perpetuity thereafter). I also don't expect the hardware store owner to get on the phone with the grocery store owner and ask him what groceries and personal hygiene products I bought.
Also, the comment originally pertained to the Wall Street Journal, a newspaper. Are you suggesting that reading the newspaper at home grants the publisher the right to peer in through my window?
Expectations of privacy have long been enforced by social norms rather than laws. Since technology has granted corporations the means to do an end-run around social norms then we should expect the law to catch up and fill the gaps.
People may not have had a lot of privacy from their neighbours when living in small towns but they could generally count on their community to care about their well being. This is not the case with online businesses of any sort.
Are you suggesting that reading the newspaper at home grants the publisher the right to peer in through my window?
No, nor did I even intimate that. That's your property, not mine. That suggestion is as ridiculous as the one I was trying to refute. But when you enter my property - be it virtual or phyiscal - expect to be observed using whatever technologies and vendors I want that are legal (with a few obvious legal exceptions, such as bathroom surveillance).
If, to continue with your newspaper example, you took your newspaper into my store and decided to read it there, I am fully within my rights to observe that you did that, watch you to see if you buy something while you're there, and see if others exhibit that same behavior. Depending on the results of that analysis, I might then decide to move the newspapers to the front of the store, near tables, where you can sit and read because I have determined that newspaper readers are profitable customers. There's nothing wrong with that - I've now used data obtained while you were in my store (where you have no expectation of privacy) to improve both your experience and my profitability.
People that want to move this discussion forward need to stop using analogies for things in the physical world, because the interactions between a website and a browser aren't similar enough to anything physical. Every single time someone resorts to analogy in one of these threads, it immediately and permanently devolves into an argument over the details of the analogy.
Browsers run code delivered by websites. It's generally considered impolite, at least, to provide code that mines cryptocurrency on visitors' machines. Most people wouldn't defend serving up malware, either. So there is well-established precedent for arguing that there are things a website shouldn't do to its visitors.
Extensive tracking scripts are now falling into the same category as crypto miners and malware.
The explosion of ad blockers on users' browsers is a direct result of websites pushing advertising tactics way too far and not putting enough effort into the safety of their visitors. Tracking scripts will be next. Firefox has a lot to gain from pushing browser features intended to make it look like a more privacy-conscious browser than Chrome; there are already extensions like Ghostery and Disconnect, and uBlock Origin blocks a number of other tracking scripts too.
If website developers don't accept some kind of middle ground in this discussion, they'll be relying on their access logs for all of their data before long.
>Extensive tracking scripts are now falling into the same category as crypto miners and malware.
That's definitely your opinion, and it is one that is not widely held. How do I know this? Because Facebook's usage - despite a deluge of recent headlines headlines that vastly overstated their privacy issues and made it the poster child for extensive tracking technologies - hasn't gone down. So, roughly 2 billion of the world's Internet users disagree with you.
It doesn't work that way, and I think you know it.
Only 26% of web users in 2016 had installed ad blockers [1]; that doesn't mean you get to say, "74% of web users don't mind advertising and malware".
Facebook announced its first net loss of North American users last quarter. They're expected to post a much larger loss during the Q1 review on Wednesday [2] as a direct result of the Cambridge Analytica scandal.
I guess you can stand steadfastly behind the position that "nobody cares because there are 2 billion users", and ignore the falling metrics for user engagement [3], and the protests (see the picture at the top of [2]), and the senate hearing, and the media coverage, and the millions of Ghostery and Disconnect users who've gone to the trouble of searching for and installing extensions specifically to block tracking, and Firefox's built-in tracking protection. Sure, aside from all that, nobody cares.
But this isn't an issue that's going away yet, no matter how much you want it to.
As for your argument that Facebook usage has dropped as a result of the recent privacy outrage, it has not - at least according to Mark Zuckerberg as of April 10, 2018 [1]. Remember that the outrage of journalists - driven by a desire for clicks - is not the same as public outrage.
Other factors (such as people spending more time on Instagram, or life in general) may have contributed to a decline in engagement prior to the media-driven "scandal," but at least at this point the recent headlines have had no discernible impact.
We'll have to agree to disagree on the rest of your argument. Most of the 26% of users that have installed ad blockers (including myself) have done it not so much to thwart tracking, but to put an end to the poor user experience that many intrusive ads create on web pages. Visit any local newspaper site with your ad blocker disabled to view what I'm talking about. Many sites aren't even usable without an ad blocker these days. I am in the ad blocking-for-user-experience camp...I could care less about tracking. In fact, for the ads that I do see, I like them being highly targeted. I went for years without clicking on a single ad on the web. Only in the last year or two have I found them relevant enough to click every now and then. Since these advertisers aren't given any personally identifiable data by the ad networks, I don't feel any violation of my privacy either.
>I like them being highly targeted ... Since these advertisers aren't given any personally identifiable data by the ad networks
The fact that the ads are highly targeted, and the fact that they are used by many companies, means that you are probably personally identifiable by correlation. They don't need your name. They probably have your locale (to a high degree of precision), your shopping habits, your sexual preference, your education level, your family size and many other details.
And what exactly is wrong with that? So some marketers know that someone in the world likes to do X, lives in a certain place, likes to buy things, etc. It's not tied to your specific identity - it's just a collection of data.
There's nothing inherently wrong with that.
In the first place, your repeated assertion that you are anonymous in the data is wrong. A combination of zip code, date of birth, and gender will uniquely identify 87% of the people in the country [1], and I assure you advertisers have far more detailed information than that. In some cases, they have your DNA. [2]
Secondly, that information is used to influence you. Cambridge Analytica still proudly proclaims, on their home page, that they "[use] data to change audience behavior." Ads on Facebook are being used by different groups to inflame political tensions [3]. The tracking widgets used on nearly every site you visit now means that some company, somewhere, knows everything you're interested in. They are in the business of using that information against you, to their benefit, whether it's in crafting sensational stories with clickbait headlines to get more of your attention, or selling you products you don't need by preying on your insecurities, or just trading it for money to other companies who will use it in new and creative ways -- like CA, who specialize in tilting voting behavior. [4]
Thirdly, you're counting on advertising firms having perfect security and never accidentally giving your information away to people who shouldn't have it. Advertising companies just don't have good history when it comes to data security [5] [6] [7].
People seem happy to ignore the ramifications of all of this, because it's not like they're feeling physical pain or discomfort or noticing any other immediate negative effect when more tracking data is collected or they see another ad. But this is a form of psychological warfare, and at least some of this stuff is designed to corrupt your thinking, to get more of your attention and change your opinions about things and convince you that it's all very harmless.
We've strayed away from tracking data and into advertising, but they are two sides of the same coin.
You obviously feel very passionate about this subject, so there is no point in attempting to convincing you to change your opinion, other than to reiterate that it is not a commonly held opinion.
I did want to respond directly to one of your points that is dead wrong. With regard to this statement:
>Secondly, that information is used to influence you. Cambridge Analytica still proudly proclaims, on their home page, that they "[use] data to change audience behavior." Ads on Facebook are being used by different groups to inflame political tensions
There has been no scientific evidence that CA, the Russians, or anyone else was actually successful in their efforts to use Facebook to influence the election or "inflate political tensions". In fact, CA's own customers say that it didn't work [1]. This whole thing was a manufactured controversy.
You confused my statements regarding CA with a separate issue regarding political ads on Facebook, covered in the Reuters article I cited (which didn't mention CA at all).
If CA were a "manufactured controversy", I think HN would've cottoned on to that quite a while ago, rather than the various comments (among thousands on the topic now) expressing surprise that people are suddenly paying attention to this:
I'm not, by the way, providing any of these links in my comments to try to change your mind. I realized several comments ago that you've got an entrenched and unmovable opinion that pervasive user tracking on the internet is no big deal. I've been providing these links for anyone else reading who might be interested in the topic.
The various analogies used in this thread lead to contradictory conclusions because they start from different places:
Should browsing the Sears website be more like reading a Sears catalog in your own home, or more like physically walking into a Sears store? It's clearly got some aspects of both.
You can't just assume one is the "right" view and then use that to argue your point, because once you boil it down that's precisely the thing you disagree about.
EDIT: I see thaumaturgy made essentially the same point in a sibling comment.
Does HomeDepot.com get to see where else you go on the Internet because they have tracking code on their site? No, they do not. They cannot obtain this data from the major tracking vendors (Facebook, Google etc.) either. Granted, the vendors themselves can often see cross-site behavior, but the individual sites using these trackers cannot and aren't given access to this information.
I agree with the other comments that the analogies kind of hide the ball on the real issues here. But in this case, I think it's more like Home Depot putting up security cameras that send all the footage of you to the camera manufacturer. In turn, that camera manufacturer runs facial recognition to automatically combine your Home Depot activity with your activity from all other business that use their cameras (which is 1/2 to 3/4 of the business you visit [1]), including the pharmacy, gas station, grocery store, bank, etc. Oh, and the information at the registers integrates with the cameras as well. And then the camera manufacturer sells your aggregate, combined data to advertisers who then set up shop at kiosks in the stores (the kiosks are owned by the camera manufacturer by the way), so that they can sell you stuff while you're there. And if the kiosk in Home Depot can't get you to buy something, they'll just get the kiosk at the bank to continue where they left off.
That's not true at all. When I go to the hardware store to buy a box of nails, I don't have any expectation for the owner to begin following me around for the rest of the day (and in perpetuity thereafter). I also don't expect the hardware store owner to get on the phone with the grocery store owner and ask him what groceries and personal hygiene products I bought.
Also, the comment originally pertained to the Wall Street Journal, a newspaper. Are you suggesting that reading the newspaper at home grants the publisher the right to peer in through my window?
Expectations of privacy have long been enforced by social norms rather than laws. Since technology has granted corporations the means to do an end-run around social norms then we should expect the law to catch up and fill the gaps.
People may not have had a lot of privacy from their neighbours when living in small towns but they could generally count on their community to care about their well being. This is not the case with online businesses of any sort.