Congressman Michael Capuano (D, MA) complained on the House floor that he bought some underwear online and that he thinks that Comcast, his internet service provider (ISP), is selling information about his purchase. He was testifying against Republican legislation which prevents a Federal Communications Commission (FCC) regulation promulgated in the waning days of the Obama administration ostensibly to protect Internet privacy from going into effect. Trouble is the congressman doesn’t understand who is selling his undergarment preferences. It’s highly unlikely that it’s Comcast.
We’ve all had the same experience. You break your ballpeen hammer; you google ballpeen hammers; your search leads you to Amazon where you make a purchase. Immediately your online experience is framed by a flock of ballpeen hammers. You look at weatherunderground: rain tomorrow and ballpeen hammers. Check the local news: headline is arson under a banner ad for ballpeen hammers.
How does that happen, you ask? Did my ISP spy on my search or my transaction with Amazon and then sell my information to the makers of ballpeen hammers? Is that what happened to the congressman and his underwear order? Nope. It was either Google or Amazon (or both) who “monetized” the information you gave them about your purchase intentions. Here’s how it works:
When you did your search, Google put a “cookie” – a snippet of information only Google and you can read – on your computer. Amazon put an Amazon cookie on as well. The cookies either contain the specifics of what you were searching for or an identifier which lets Google or Amazon retrieve information about searches done from your computer or by you if you happen to be signed on to Google or Amazon at the time.
Now you go weatherunderground, Google or Amazon or both have bought ad space on the weatherunderground webpage. Their ads run in a “frame” on the webpage which means they have code in them which actually communicates with Google or Amazon and not with weatherunderground. This frame looks to your browser like it is running at Google or Amazon so it has access to the cookies which Google and or Amazon left behind. Aha. As fast as speeding electrons, Google or Amazon “know” that you will be interested in a chance to buy a ballpeen hammer so they give you that chance (I don’t know why Amazon apparently doesn’t know you already bought one). Up pops the hammer. The process is slightly more complex if you are on a different device, but the ballpeen ads can get to your smart phone as well as your computer.
As far as I know Google and Amazon don’t sell the information directly to purveyors of ballpeen hammers; but that’s only because this is not the best way for Google or Amazon to make money from the information. Amazon obviously gains if they can sell you something you want. Google makes most of its money by selling ads. In general they get paid when the ad is clicked on; so they make the most money by serving you an ad you’re likely to respond to. They’ve used the information to make you a source of profit. That’s not a sin, just a fact. You get free searches from Google in return for the information you give them. You pay low prices and get great choices and maybe free shipping at Amazon because they are so good at getting you to buy.
So why does the FCC want to regulate ISPs rather than Google and Amazon? Is that regulation a good idea? How should privacy be protected online? How can you protect yourself? Stay tuned to this blog (it doesn’t put cookies on your computer).