The pros and cons of mass self-communication are linked to notions of "user empowerment" and "user disempowerment". Empowerment in the general sense is defined as "enabling people to control their own lives and to take advantage of opportunities" or in other words "a process, a mechanism by which people, organizations, and communities gain mastery over their affairs."
In order to be more empowered through social media, a user is already presupposed to have mastered these new empowering media technologies. The unprecedented autonomy of media consumers increases the chance of positive and negative consequences, and thus implies more responsibilities and capabilities to foster these new tools of (dis)empowerment.
Challenges for privacy in dataveillance
There has been a transition from a classic perception of privacy, which is "the right to be left alone" to the notion of "dataveillance" – as the junction between "data" and "surveillance" – which is more prevalent in online environments.
When applying the notion of dataveillance to commercial online settings, some particular issues need to be stressed. Similar to the traditional media and their audiences, social media generate users that can be sold to advertisers. In more traditional formats of online display advertising, like banners on websites, it is quite obvious that one is approached as a consumer. But if somebody is sharing and tagging his pictures with friends on Facebook, this user will normally see himself as someone maintaining social relations with his friends and not as a consumer conveying (very) personal data and content to a US company in exchange for the "free" use of its social network services. In this way social relations are commodified intensively, by using this information for more personalized commercial communication and promotion of goods and services.
In this way personal identifiable information (PII) is the currency users pay to get access to social media applications like social network services (SNS). PII refers to information, which makes it possible to either directly or indirectly identify a person or what kind of data belong to that person. Indirectly identifiable information means that it is often still possible to identify users with anonymized PII, through the coupling with another piece of PII.
This commercial exchange does not have to be problematic. It can be a fair deal between the user and the digital service, as long as each party in the deal clearly understands the transactional terms. However users are often not fully aware about what kind of deal they have entered and how to possibly change the conditions.
Contextual integrity was designed to answer whether a situation contained a privacy breach or not. To achieve this, the situation is defined as a context with the following relevant entities: "the one from whom the information flows, the one to whom the information flows, and the one – the information subject – about whom the information is."
These entities perform roles in our society such as patients and physicians or students and teachers. A physician may ask about your health in his office and you may expect from him that he keeps this information to himself, unless he needs to share it with a colleague to help with a therapy. In this situation two sorts of information norms define the flow and content of the disclosed information. The relationship "physician-patient" defined what kind of information would be exchanged by whom. The norms that govern what is disclosed in a certain situation are norms of appropriateness, and they are context dependent.
Every situation contains a second set of norms which defines to what other contexts or persons this information may flow. These are the norms of distribution. This norm of information flow assesses the transfer of personal information from one party or context to another context. The question is which information from one context may be used in another context. Personal data that are revealed in one specific context will always carry a specific stamp from that context.
A good example is what happened with the social network site Buzz by Google. At the launch on 9 February 2010 Google Buzz automatically, without asking, published openly all personal networks of users based on the people they interact with via Gmail. However e-mail contact lists can hold very private information, like names of personal physicians, romantic relationships or the identities of anti-government activists. They wrongfully assumed that information in one context (of e-mail correspondence like Gmail) could be disclosed without any problem in another setting (of social network relationships like Buzz).
Cookies as a corporate dataveillance technique
For demonstrating the risk of disempowerment on the level of privacy awareness, consider the most familiar online PII collecting tool, the Internet cookie. This is a little text file that is placed on the computer by visited websites. The http cookie was introduced in 1994 in the early browser Netscape Navigator with the purpose of user convenience, namely remembering contents of web shopping carts. Another important property of cookies is the fact that it is sent automatically, which makes it very unobtrusive.
First party http cookies
Cookies were first developed to give websites a memory. This memory is called a "state", and a state is a configuration last used by a user. To remember states, a cookie is able to store the interaction between the user and the website.
This type of information can be, for example, the user name, the ads clicked and the time spent on each web page. It is important to note that this information is usually encoded to keep the information safe from malicious parties. Therefore, it is impossible to know what kind of information is being communicated through a cookie.
Third party http cookies
Third party http cookies differ from first party cookies in two ways:
- They are not placed through the answer to a page request. They are placed through advertisements, images or scripts hosted on a first party website by a third party server. These cookies do not require a user interaction to be loaded on the user's browser.
- Third party cookies are more persistent than first party cookies, because they are used across different websites and Internet sessions instead of one single visit. Some of these cookies have a default maximum age of more than 30 years.
Third parties may also track users through one by one pixels. These pixels are called "beacons" or "gif/web/pixel bugs". Pixel bugs are impossible to spot for users because they are blank images. Third party cookies are not only used for advertising. Social media and other web applications that require much state information through different websites, such as social tagging, need third party cookies as well to ensure an optimal working service.
"The main advantage of cookies – its unobtrusive way to store states – enables a lot of positive and empowering uses when they are used to improve user browsing experience by adding a social or personalized layer."
Facebook gathers data in this way, and the Google Buzz plugin and Twitter's Tweet button are also used to track users. This is problematic because users do not expect to be tracked via the plugins when they are not using them.
Flash cookies or local shared objects (LSO)
Flash cookies were developed by Macromedia Flash, which became Adobe Flash after Abobe acquired its rival Macromedia in 2005. The first Flash cookie enabled Flash player was Flash Player 6, released in March 2002. This type of cookie was also made to remember states, but there are some important differences:
- A Flash cookie was not removable until September 2006, when Flash made the option available through its website.
- The cookies were not removable through a browser until January 2011 with the implementation of NPAPI ClearSiteData.
- The amount of available information space has grown to 100kB from the 4kB of the http cookie.
- Flash cookies do not have an expiry date.
Flash cookies are installed via any Flash application on a website if the user installed the Flash player plug-in. All cookies are accepted by default and cookie preferences can be changed in the "Adobe Flash Player Settings Manager".
"Zombie cookies" were implemented by firms, such as United Virtualities, after they learned that 30 per cent of Internet users were deleting http cookies. The zombie cookie, or Persistent Identification Element (PIE), is tagged to the user's browser, providing each with a unique ID just like traditional cookie coding. However, PIEs cannot be deleted by any commercially available adware, spyware or malware removal program. They will even function at the default security setting for Internet Explorer.
In order to achieve this kind of persistence the PIE is not one, but two cookies. The first one is the http cookie and the second one is the Flash cookie that revives the http cookie in case of deletion.
Addressing the challenges
The main advantage of cookies – its unobtrusive way to store states – enables a lot of positive and empowering uses when they are used to improve user browsing experience by adding a social or personalized layer. Cookies are built in such a way that information sharing becomes less tedious by removing the need to (re)create and direct data. In this way the threshold to mass self-communicate has been lowered for users.
However, these forms of corporate dataveillance simultaneously incorporate a risk of user disempowerment. As the value of personal data (PII) grows in the realm of mass self-communication, they are increasingly used as a currency instead of being treated as personal property of the users. Hence, depending on the business model, this trend raises the pressure for Internet companies and advertisers to collect a maximum amount of personal data with the least possible threshold. The challenge is then to organize a fair exchange between users and suppliers of digital services.
The challenges of user disempowerment and online privacy can be addressed on different levels: on user level, on technology level, and on policy level:
- On the user level, future research has to take a critical look at the differences on the micro-level of everyday consumer practices between various consumers and consumer groups, in order to assess this "privacy divide" in an everyday surveillance environment. This not only means investigating what consumers know about exchanging personal data (awareness), but also what they are able to do (capabilities), what their preferences are (attitudes) and what they effectively do (practices).
- The outcome on user level needs to be matched with the second level of technological affordances and industry developments with regard to new techniques for tracking and exposing online consumer behaviour. This can, for example, be enabled by a socio-technological approach of "privacy by design".
- On a third level, these user and technological perspectives can also inform policy and (self)regulation. Policy needs to address transparency and awareness, by which users can know and understand the exchange taking place: personal data for "free" services. Finally consumers also require the necessary capabilities to interpret and act upon the social world that is intensively mediated by mass self-communication, in order to convert knowledge into everyday practices. Policy can take initiatives to strengthen the digital literacy capabilities regarding privacy, via school and at home. And if all measures fail there still needs to be a sufficient degree of enforcement.
In that way citizens and consumers would have the possibility to apply the notion of mass self-communication also on the disclosure of their own personal data. This means that users of social media can have control on the production of their personal data, on who potentially receives these data, and on what is exposed explicitly in their digital footprint or implicit via cookies and other collecting tools.
This is a shortened version of "Social media and cookies: challenges for online privacy", which originally appeared in Info, Volume 13 Number 6, 2011.
The authors are Jo Pierson and Rob Heyman.