Not-so-private practice

How everyday websites use our information

Website sign-up forms have a universal, familiar format. When signing up for a website, a user is asked to provide their name, email, and sometimes, age. At the bottom of the form, there is a tiny check box with small print beside it that reads “I agree to the Terms and Conditions.” There is usually a link to another page containing a legal document, but almost nobody actually reads this. They click the box, consenting to a long list of privacy requests that they may not understand. In exchange for the website’s service, they consent to their information being shared with advertisement agencies, local law enforcement, credit card companies, and future bosses. And of course, users understand this completely, and are so okay with this that they don’t even bother reading the contract they sign.

That doesn’t sound right, does it? Although most computer users sign Terms of Service contracts without a second thought, there is an assumed level of privacy on the internet, especially on social networking and business websites. However, users of sites like Facebook and Gmail are often unaware of how little control they have over what data is shared and with whom. Privacy policies are often practically unreadable – full of legal jargon and in paragraphs the size of skyscrapers. And what websites actually do with its users’ data is even harder to know or understand.

For example, earlier this year, Facebook introduced “Sponsored Stories.” When a Facebook user “liked” a product or tagged a company in a post, that company could pay Facebook to display the story more prominently on that user’s friends’ news feeds, with the company’s logo beside it. Advertisement companies liked this structure because it created the impression that a friend was suggesting a product. To do this, Facebook created a filter so that only likes, and positive comments or reviews were sold to companies interested in advertising this way. However, Facebook users disliked this new feature.

In fact, a group of Facebook users in California were so upset that their names and photos were sold and used without their knowledge as advertisements that they took up a class action suit with Facebook – and won. Although your “likes” are still sold to advertisers to personalize the ads you see, and although your friends’ photos continue to appear on the sidebar ads if said friends have “liked” a product or brand, Facebook no longer sells Sponsored Stories.

Google has appeared frequently in the media for issues of privacy, and has also gotten into trouble with U.S. and international law enforcement agencies. Several years ago, Google signed a twenty-year agreement with the U.S. Federal Trade Commission (FTC) pledging to respect user privacy rights. Last year, Google broke this agreement, and was fined $22.5 million dollars (the largest sum ever fined by the FTC, but equivalent to Google’s average earnings in five hours) for its use of cookies to collect iPhone users’ data. People who used the Safari browser on their iPhones had been inadvertently giving Google all of their browsing data. Google accomplished this through a hidden “consent form” on all of its affiliated websites, so that when a Safari user opened Google or YouTube, amongst others, Google’s cookies would track their web use. This also extended to some sites outside of Google’s ownership. According to the Wall Street Journal, “Google placed the code within ads displayed on major sites including movie site, dating site,,, and, among others.” Google has since removed the code that accomplished this, and the fine has been paid.

Google has recently come under fire for its new privacy policy, which came into effect in May. All Google products (Gmail, Youtube, Google Search, Google+, Picassa, et cetera) now share data, so information that you give to Gmail (for example, the subject or text of an email, or the email address you send it to) can change the advertisements you see when you use Google’s search engine. It can be sold to other companies as well.

The general public response has been overwhelmingly negative. The loudest complaint? The new policy was not opt-outable – all Google users were forced to comply, or to delete their accounts for all Google products. There was no option to keep all of their internet identities separate. A personal post on Google+ about a divorce, say, could be sold to a bank and reduce someone’s ability to get a low mortgage, because recent divorcees have been shown to be more fiscally irresponsible. Googling a medical condition might keep you from getting private health insurance.

An article in the Huffington Post written by a former FTC lawyer, William Rothbard, explained that in reality, advertisement agencies are the customers of websites like Google and Facebook, and users – and their data – are the product that is sold. The free service provided by many websites isn’t free at all. Instead of money, users are trading those experiences for personal data and brain time, at a considerable profit to websites.

As students, many of us have grown up using the internet, and have grown comfortable sharing data about ourselves with websites in a way that older generations were not. Children, especially, are unaware of the information they may be giving away, and websites using that information are not held accountable. Often it is users’ ignorance, rather than apathy, that allows websites their opacity.