I've already laid out my own reactions to Google's roll-out of an "interest based advertising" (IBA) program here. In a nutshell, I applauded Google setting a new "gold standard" in user empowerment by providing:
But first, the criticism from Ari Schwartz of the Center for Democracy & Technology requires a response today. At its best, CDT plays a vital role in calling corporations to continually raise the bar on privacy. My own think tank, the Progress & Freedom Foundation, works closely with CDT on many issues, such as advocating user empowerment through technological means as a constitutionally "less restrictive" way of protecting children than government censorship.
Here's what Ari had to say:
[T]he opt-out is based on a failed premise. The truth of the matter is that the industry needs to work together to move beyond the discredited cookie opt-out model.... Google claims to have improved upon the old model by creating a plug-in for users to keep their opt-out cookie while deleting the rest of their cookies. While as a technical matter that may be true, without an industry-wide solution these plug-in options just serve to confuse users about what they need to do to protect themselves. If this plug-in approach catches on, will users need to download a plug-in from every network advertiser and every analytics company to stop the tracking? That model just isn't sustainable.Ari is setting up a straw man when he suggests that users are going to have to download a separate plug-in for every ad network. The obvious solution, as Ari points out, is an industry-wide plug-in. But if it's so obvious, why can't CDT just write it themselves? Indeed, why didn't they write it years ago?
These aren't rhetorical questions. I really want to know what would be required to create a plug-in that does what Google's plug-in does for every other ad network's opt-out cookie in the Opt-out tool developed by the Network Advertising Initiative (NAI): Maintain "persistent" user choice by checking to see whether a user has deleted whatever their opt-out cookies and, if so, restoring those cookies.
CDT will probably insist that, if it's really so easy to create such an industry-wide plug-in, NAI should have done so years ago. Maybe so. Perhaps if the industry had moved faster to innovate in privacy protection, they would be in a stronger position right now politically. Of course, if the industry moves slowly in this regard, maybe that's because they've got their hands full trying to keep advertising, the economic engine that funds the Internet's "free" content and services, working-a reality Ari ignores. Or perhaps it wouldn't matter: It seems that no matter what industry might do, it's just not good enough for Ari. Under the banner of "Keeping the Internet Open, Innovative and Free," Ari is in fact leading CDT in a full-on attack on the Internet, pushing for regulation that will make the Internet:
We stand at an important crossroads in the debate over the online marketplace and the future of a "free and open" Internet. Many of those who celebrate that goal focus on concepts like "net neutrality" at the distribution layer, but what really keeps the Internet so "free and open" is the economic engine of online advertising at the applications and content layers. If misguided government regulation chokes off the Internet's growth or evolution, we would be killing the goose that laid the golden eggs.ack to the plug-in... CDT argues that the opt-out cookie system is flawed in respects other than ensuring the persistence of user opt-outs. We can debate that question. But I'd just like to get a clear answer once and for all about why CDT hasn't already developed this plug-in themselves.
Since CDT doesn't seem up to the task, we've already modified the Google plug-in to preserve another ad network's opt-out cookie (download our beta plug-in here) and are currently working to expand the plug-in to work for multiple cookies--which is simply a matter of coding. We'd welcome help from anyone with experience in writing Firefox plug-ins.
NAI could (and probably should) do this, themselves. But if CDT wants to start being philosophically consistent about empowering consumers across in the board--on privacy issues as well as child protection issues--writing this plug-in themselves is a great way to shame the rest of the advertising industry into picking up where Google left off. I suspect CDT's failure to do so thus far reflects a crass political calculation that anything they does to empower users to manage their own privacy through technical solutions simply undermines their arguments that only government can protect users--thus weakening their push for regulation. So much for CDT's declared mission of "seek[ing] practical solutions to enhance privacy!"