The topic of privacy in behavioral targeting seems to come in waves. One minute, it’s all anybody talks about, and you’d think the entire infrastructure of the Internet would come crashing down if somebody didn’t solve this problem right quick. The next minute, it seems we’ve got a ‘Don’t ask, don’t tell’ policy, and the issue gets shunted to the back burner.

Just recently, we’ve been squarely in that first phase, starting with

Anecdote 1: Elyse Tager’s piece Privacy and Behavioral Targeting Heat Up at ClickZ.

Elyse talks about the challenges faced by cookie-based behavioral targeters who use historical information to infer future behavior:

NebuAd launched with all best intentions, attempting to address the issue of scale with its now huge network — a major disadvantage for behavioral targeting in most cases. Plus, NebuAd has a robust privacy policy addressing consumer concerns directly.

But last week, two of those ISP partners backed out of the relationship. Charter Communications announced it was withdrawing due to subscriber concerns. CenturyTel is pulling out after the warnings from Reps. Edward Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican, who said the technology “raises several red flags.”

The red flags in question have to do with the amount and detail of data being collected about individuals. It’s a problem endemic to targeting solutions that rely on knowing as much detail as possible in the hopes that the behaviors will be repeated.

Tager points out two solutions being proffered: data portability and predictive modeling.

Another solution, which I covered in earlier columns, is predictive modeling to better target behavior. Companies such as aCerno and Epic Advertising use advanced algorithms and technologies that don’t rely on cookies to establish inferred behavior, which is less intrusive and far more predictive of future behavior, according to these suppliers.

As you’ll know if you read this blog with any regularity, VortexDNA relies on a predictive modeling approach.

Personally, I believe data portability is only a solution for the technological elite. It is simply not feasible to ask my mom to manage her data.

The FTC is pushing for self-regulation. If the issue were between the Market forces, on the other hand, will make a difference. NebuAd’s ISP partners backing out will make a difference. Will it be enough, though? Congress might not think so, which leads us to

Anecdote 2: Heather Green’s piece Congress to Push Web Privacy at BusinessWeek.

On the second page of the article, Green mentions The Center for Democracy and Technology’s desire for a Do Not Target list (along the lines of the Do Not Call list). What she doesn’t mention is the obvious problem with such a list: in order to not target you, they have to know who you are. So you have to register in some way, giving them the very information you’re hoping to keep from them.

She closes with an apt comment on the benefits of federal privacy legislation:

Some in the industry think that legislation might be the way to set a common standard and avoid inconsistent, piecemeal legislation on the state level. Microsoft came out in 2005 in favor of federal privacy legislation and thinks others are beginning to agree. “Companies are coming around to the notion that it’s not only compatible with their business practices but [that it] can help them by enhancing consumer trust and making compliance more streamlined,” Microsoft’s Hintze says. Microsoft advocates privacy baselines that cover not just the online collection of data, but offline collection as well.

David Hallerman, analyst at researcher eMarketer, says legislation would go a long way toward assuaging fears of advertisers who fret consumers don’t want their privacy compromised. He says that if an online privacy law were passed, “the benefit would be there for advertisers, publishers, and the public.”

Given public concerns about privacy, I tend to agree with Hallerman. Allow companies whose practices are aboveboard the opportunity to be recognized as such. I like that Microsoft is getting behind it. Google seems to be going in a different direction, as evidenced by

Anecdote 3:Wendy Davis’ piece Polish On Google?s New Chrome Tarnished By Privacy Questions at the Daily Online Examiner.

So Google is finally trying to take the battle to the Microsoft-controlled browser terrain, instead of just hanging out comfortably on the high ground of search and letting Microsoft lose battalion after battalion in a series of poorly-planned attacks. According to Davis, though, the new browser is a long way from offering any privacy benefits:

…the browser raises significant privacy questions. Google states in the Chrome privacy policy that it will log the IP addresses of people who download the browser. It also says that all URLs or other queries typed into Chrome?s address bar will be sent to Google, which will use that information to make suggestions to users.

The browser?s privacy policy says it will ?process? information received from Chrome users but ? in a crucial omission ? doesn?t say whether it will retain the data or for how long: ?Information that Google receives when you use Google Chrome is processed in order to operate and improve Google Chrome and other Google services,? the policy states.

I don’t think consumers are going to go for it. It’s too intimate to gather these different services together. It’s like your bank buying your DVD store, and the guy who approves your loans also gets to know about your perverted taste in movies.

The bottom line is that the privacy landscape is shifting. So how should you handle your own privacy policies?

Do the right thing.

Some years ago, a friend of mine urged me to become an SEO, touting tactics that were legal and fine at the time but that would be considered black hat today. “It’s so easy! All you have to do is use this automated program that will create hundreds of sites at once, all linking back to your client’s site.” Thankfully, I didn’t go for it; I might have made money in the short term, but it would have been bad news in the long run.

The same holds true for privacy. Forget about what you can technically get away with, or what you can assume your customers won’t notice. Just do the right thing. Be fair. Consider the customer. Consider the cost to them as well as the benefit. And behave in a way that lets you hold your head high.

In a mixed up, muddled up, shook up world, your integrity is a real asset.

Your thoughts on this topic are welcome.

Yesterday, I began the Six Sigma Privacy series with a discussion on the user attitude to online privacy, primarily focusing on the observation that most Internet users don’t really care. Today, I’m going to take a look at how some of the big players approach the topic. The bottom line is that there’s lots of talk and not a lot of action.

Privacy advocates want people to believe that this is the single biggest issue since the Colonies seceded from England. Consumers are apathetic. How do the titans of the Internet tackle privacy?

Back in July, Microsoft and Ask came together to call for global privacy standards:

Building on their respective efforts to protect consumer privacy, industry leaders Microsoft Corp. and Ask.com, a wholly owned business of IAC (NASDAQ: IACI), today joined together in the commitment to call on the industry to develop global privacy principles for data collection, use and protection related to searching and online advertising. The companies will work with other technology leaders, consumer advocacy organizations and academics to come together and join them in working on the development of these principles, which could include developing and sharing best practices to provide more control for consumers.

?As search and other online services progress, it?s important for our customers to be able to trust that their information is being used appropriately and in a way that provides value to them,? said Peter Cullen, chief privacy strategist at Microsoft. ?We hope others in the industry will join us in developing and supporting principles that address these important issues. People should be able to search and surf online without having to navigate a complicated patchwork of privacy policies.? [emphasis mine]

Google followed suit in September, with Peter Fleischer calling for global privacy standards at a UNESCO conference:

…Google is calling for a discussion about international privacy standards which work to protect everyone’s privacy on the Internet. These standards must be clear and strong, mindful of commercial realities, and in line with oftentimes divergent political needs. Moreover, global privacy standards need to reflect technological realities, taking into account how quickly these realities can change.

Their announcement, though, was met with resounding cynicism, according to MediaPost coverage:

“…It’s clear that this is motivated in part to dampen the growing opposition to the DoubleClick takeover,” said Jeff Chester, executive director of the Center for Digital Democracy (CDD). “Google is attempting to head off a global regulatory digital train wreck.”

…”Google is under enormous pressure from many countries around the world who are fed up with their arrogance and their unwillingness to make meaningful changes to their business practices,” said Marc Rotenberg, executive director of EPIC. “They are also trying desperately to push the acquisition of DoubleClick through the Federal Trade Commission. And they’ve met enormous resistance.”

…Critics argued that the search giant gave no specifics for how to move forward with a global implementation–calling it another sign that the endorsement was just Google posturing for the FTC.

“Mr. Fleisher is lobbying to get a privacy Band-aid placed over an ever-growing flow of personal data being squeezed from consumers (by Google and others),” said Chester.

Poor Google. Evil-avoidance notwithstanding, they’ve gotten so big that pretty much anything they do these days is greeted with cynicism. Take Maile Ohye and the Google Privacy Videos (one and two). Just a few days ago, Ryan Singel at Wired gave his non-held-back opinion on them:

The video skips right over the part where Google opts in new users to the tracking program without explaining to people what the program is or does.

Instead, it jumps from the “create a Google account screen” to a heartwarming story about how having searched for the “Rolling Stones” in the past will help Google disambiguate a later search on the word “bass” - so it knows you are interested in the instrument, not the fish.

This might be interesting if it were true, which I doubt it is since I’d wager MORE people who searched on the “Rolling Stones” in the past are anglers than musicians.

But why let that get in the way of a good cover story for why Google really wants to collect data about you which is, as we all know, the ad dollars.

Anyway, back to Fleischer and Google’s request for global privacy standards. In September, Google’s CEO, Eric Schmidt, added his voice to the conversation:

More encouragingly recent initiatives in this area by the United Nations, the Asian-Pacific Economic Co-operation Forum and the International Privacy Commissioners? Conference have all focussed on the need for common data protection principles. For individuals such principles would increase transparency and consumer choice, helping people to make informed decisions about the services they use as well as reducing the need for additional regulation. For business, agreed standards would mean being able to work within one clear framework, rather than the dozens that exist today. This would help stimulate innovation. And for governments, a common approach would help dramatically improve the flow of data between countries, promoting trade and commerce.

I recommend you click on the link to Schmidt’s piece and read the response from Ann Cavoukian, who chaired a working group of Commissioners convened for the purpose of creating a single harmonized privacy standard; she points out that the issue isn’t standards creation but standards implementation:

I would also like to draw your attention to documents already produced by highly regarded international authorities on privacy and suggest that the issue is not one of developing new standards, but of raising the bar by observing existing global standards and privacy principles.

What does this all add up to? Major players understand the importance of being seen as caring guardians of the people’s privacy. They talk about it, create videos about it, call for global standards for it. I’m just not yet convinced that effective actions are being taken about it, or even that these companies want people to truly understand the issues at stake. The Maile Ohye videos aren’t designed to raise awareness; they’re designed to keep people calm.

But what should they be doing instead? Tomorrow I’ll discuss some of the issues involved and why this topic is important. Until then, I’d love to hear your opinion about how the big players handle online privacy. Do you think they do a good job? Or should we demand something better?

Remember a few days ago when I wrote about the ecosystem that surrounds Google? I said that Google isn’t just Google; it’s every other company, website, blog and mashup that has built a business model on the back of the search giant. And lo and behold, into my inbox appears a gift from ZDNet, tailor-made to reiterate my point:

Mozilla?s revenue, which includes Mozilla?s foundation and corporation, came in at $66.8 million in 2006…

Mitchell Baker, Chief Lizard Wrangler at Mozilla, wrote in a blog:

?As in 2005 the vast majority of this revenue is associated with the search functionality in Mozilla Firefox, and the majority of that is from Google…?

It doesn?t take a big leap to conclude Google is bankrolling Mozilla… Mozilla gets 85 percent of its revenue from Google. The latest Mozilla-Google contract expires in November 2008.

Mozilla?s financial statement really puts the browser battle into perspective. It?s not Firefox vs. IE as much as it is Google vs. Microsoft. [emphasis mine]

Google vs. Microsoft is quite different to Firefox vs. IE. So how does this affect your perception of the open-source browser, if at all?

This piece appeared on Friday in Search Insider. It’s gotten some interesting comments, so feel free to respond either here or there.

On Tuesday, the BBC reported that Yahoo and Microsoft are adding new features as part of their ongoing attempts to convince the world that they are serious contenders to the Google throne. Yahoo will provide on-the-fly query suggestions, while Microsoft is quadrupling the size of its index. Both companies are touting the fact that they will soon include links to photos and video on the results pages.

Hmmm? where have I heard this before? In addition to Google?s own Universal Search, I mean. Oh, yeah! Ask.com did this back in June! And, despite rave reviews of Ask3D, comScore shows them slipping ever since, from a 5.0% market share in June to 4.7% in July to 4.5% in August.

Yet Yahoo and Microsoft insist on trying to woo searchers away from Google by launching new features. Unfortunately, they?re in a bit of a lose-lose situation right now. If they upgrade, they?re only playing catch-up. If they don?t upgrade, they fall even further behind.

They should have called me first. Me or Jeremy Kaplan, the editor of PC Magazine. Kaplan was interviewed on MarketWatch for his thoughts on the matter, and he had this to say:

It seems like it?s really a mindshare thing more than anything. I think most of the search engines seem to be able to cull the same information. It?s just a question of getting the brand out and transforming the way people search, and that?s definitely an uphill battle.

It?s likely that Jeremy Kaplan has access to a broader dataset than I do; even so, I surveyed myself and found his observation to be true.

For example, I have absolutely no inclination or disinclination towards Microsoft search. In fact, I?m quite confident that it delivers similarly useful results to Google. In addition, I am somewhat ashamed to admit that I have MSN as my home page because it came with the browser, and I?m doubly ashamed to admit that I?m too lazy to spend the three seconds it would take to make Google my home page. Nonetheless, every time I have to run a search, I launch Explorer and type Google into the address bar.

Thank you in advance for your many words of advice on how to change my inefficient habits. I realize I need help. My point here, however, is not about my own loss of street cred; it is that Google?s hold on the market, or at least on that share of the market sitting at my desk, is so strong that I invest effort to bypass the Microsoft search bar on my home page.

I invite you to think about your own habits when you search, and whether the promise of a couple of new features would be sufficient to entice you to change your behavior. What would it take?

Whatever the answer to that question may be, I don?t think it?s accessible to Microsoft and Yahoo. They?ve never achieved escape velocity, the minimum speed necessary to bust out of the Earth?s atmosphere, and now it?s too late: they?ve begun to decelerate.

No, there are only two possibilities for another search engine to unseat Google, and they would pretty much have to happen simultaneously:

1. A new search engine, or coalition of search engines, will have to offer both the novelty to capture the imagination of early adopters and the substance to cross the chasm, and
2. Google will have to make a major misstep.

Charles Knight at AltSearchEngines understands this, which is why he?s fighting for alternative search engines to collaborate. He realizes that, combined, they have a lot more momentum than they do individually, and a much greater chance of reaching escape velocity.

Within a few years, the Universal Interface that he champions could be in outer space—while Microsoft and Yahoo watch from the ground and fiddle with features.

CNET just put up the Big Five’s responses to a survey about their privacy practices. Here’s my take on the information provided.

AOL answered every question directly and simply. Bravo!

Nicholas Graham from Ask.com gave what I thought were funny answers to nearly every question. Instead of responding directly, they answered on behalf of the yet-to-be-launched AskEraser. Here are some examples:

What search-related data–including IP addresses, cookie IDs, user identities, and search terms–do you retain?
Graham: With the upcoming launch of AskEraser, a user’s IP address, search data cookie ID and search query will be completely deleted and expunged.

How long do you retain those data?
Graham: Users of AskEraser will have their complete IP address, complete search data cookie ID, and complete search query eliminated in a few hours or less.

If you retain data for a limited period of time, is it completely deleted (in such a way that the data and backups cannot be recovered, even under court order) or is it anonymized instead?
Graham: Users of AskEraser will have their complete search query data eliminated so that no one who requests it from Ask.com will be able to access it–ever.

If the data are anonymized, exactly how do you do this?
Graham: Since users of AskEraser have their complete search data totally deleted, none of their data is ever anonymized.

But the real punchline of Ask’s survey was the final question:

We wrote last month that AskEraser will launch by the end of the year. Do you have a more specific date?
Graham: We don’t have a more specific one.

Nicholas Graham, if you are reading, would you be willing to provide the answers to the questions that would be currently accurate for Ask.com? If you know Nicholas, or know someone who knows him, will you forward this request?

Victoria Grand from Google gave an utterly obfuscating answer to the question of behavioral targeting:

Do you do behavioral targeting, meaning showing ads to users based on their behavior across multiple queries?
Grand: We are committed to protecting user privacy. We also want to provide users with a more rewarding online experience by making the advertising and content users see relevant to them. We believe the targeting capabilities, reporting and analytics we offer today provide advertisers with an excellent ROI and provide a high-quality user experience. Currently, our system incorporates a large number of signals (such as the user’s query, the user’s location, type of site, content, and the advertiser’s landing page) when targeting and ranking ads. We have not focused on demographic targeting to date for targeting ads on search result pages.

Evidently the surveyers couldn’t understand that any more than I could, so they followed up:

We weren’t able to figure out your answer to our question asking whether you do behavioral targeting. In other words, if I search for “New York City vacation” in one query and “vacation hotels” in a second query a moment later, does Google.com evaluate the two responses, figure out that I’m probably looking for New York City hotels, and display ads appropriately?
Grand: No.

Don’t they, though? I’ve been reading a lot about this adjacent query thing… wait a minute! I wrote about it two weeks ago!

Meanwhile, over on Yahoo! News? Eric Auchard is writing about Google?s unwillingness to tie together profiles across their massive collection of services for the purpose of serving up targeted ads.

What they are willing to do is use information that can be gleaned from within a given search session.

“A user who types ?Italy vacation? into a Google search box might see ads about Tuscany or cheap flights to Europe. Were the same user to subsequently search for ?weather,? Google will assume there is a link between ?Italy vacation? and ?weather? and deliver ads tied to local weather conditions in Italy.”

So do they or don’t they?

Microsoft’s Peter Cullen gave some interesting answers. He was straight up about behavioral targeting, which users can opt out of (opting in is automatic).

If you do, is there a way for users to opt out of behavioral targeting?
Cullen: Once Microsoft begins to offer behavioral ad targeting on third-party sites, we will offer customers the ability to opt out of the behavioral ad targeting by Microsoft’s network-advertising service on those Web sites. This is consistent with the privacy principles of the Network Advertising Initiative, which Microsoft announced it will join. We will also continue to develop new user controls that will enhance privacy, such as letting people search and surf our sites without being associated with a personal and unique identifier used for behavioral ad targeting.

Finally, Jim Cullinan from Yahoo wins the First Annual Kaila Colbin Blunt Award:

Do you do behavioral targeting, meaning showing ads to users based on their behavior across multiple queries?
Cullinan: Yes, we do.

If you do, is there a way for users to opt out of behavioral targeting?
Cullinan: No.

His replies oblige me to repeat a question I’ve asked many times before:

What is the real privacy issue?

I presume Yahoo does behavioral targeting because they believe it gives them a market advantage. If there were a massive market backlash, they’d be forced to drop it, right? Yet I’m equally confident that if Google announced they were going to do behavioral targeting with no possibility of opting out, there would be a HUGE uproar!

Are we giving Google the short end of the stick here? Are we just worried about Google because they’re so massively and enormously big? Or is it the other way around: should we be more worried about Yahoo than we actually are?

Do you think the marketplace is expressing a consistent and coherent view of what we want?

Barry Schwartz at Search Engine Land connected two interesting news items today when he pointed out that Microsoft had just bought CareerBuilder while Google was contemplating the purchase of SimplyHired.

Why so much interest in job search? Given that roughly half of our waking hours are spent working, finding the right job has a dramatic impact on our day-to-day experience. And we’re willing to pay to get it right: job search is a multi-billion dollar industry, with the 10 largest search firms in the U.S. passing $1 billion in revenue as far back as 2000.

Finding a dream job is akin to finding the perfect mate. We have to be able to clearly articulate what it is we really care about in our employment. We have to be able to understand what it is that we don’t like but are willing to ignore. And we have to understand our potential employer, so that we can know whether this is a match made in heaven or one destined to crash and burn.

Research abounds proving that companies perform better if they have a clearly articulated purpose and values, shared by all of the employees. In Built To Last, Collins and Porras found it to be the single most consistent identifying characteristic of visionary organizations. When everyone is working in alignment, the door is opened to extraordinary performance.

Job search engines, like Monster and CareerBuilder, focus on descriptions and keywords to help people find their employment. You look for work in your geographic region, in your area of expertise, or in your salary bracket. Overlay that with VortexDNA technology, though, and you could look for work in companies that share your core purpose and values. Don’t you think that would be important?

Companies seeking to hire describe the skills and attributes they need: IT architect, proactive problem solver, proficient with Microsoft Word. Imagine, though, if the companies had a simple and consistent way of finding out whether new hires share the organization’s deepest reason for existence. This sort of powerful connection could have a profound impact on the ultimate success of individuals and the company itself.

What do you think? Would you rather find a job, or a career where you could unleash your grandest vision of who you are? For me, I can’t distinguish who I am from the work that I do, but I know some people think a job is just a job. What is it for you?