Wednesday, March 18, 2009

Some companies get it

This afternoon, I received a call from Aaron Ahola, the Chief Privacy Officer at Akamai. He had seen my blog post from last week describing my new opt-out cookie Firefox add-on (200 active users on Monday, 1000 users on Tuesday, 3000 on Wednesday), and the problems I had noted with the opt-out cookies used by several advertising networks (including his own).

Aaron told me that he looked into the advertising opt-out cookie issue and confirmed that what I had reported was true -- that Akamai was giving users an identifiable opt-out cookie when they asked to not be tracked.

Not only did he understand the privacy issues at play, but he immediately asked his engineers to look into the issue and fix it.

As of 4PM today, Akamai's advertising system now uses generic, non identifiable opt-out cookies.

While this pleases me immensely, I am more shocked than anything. Just 5 days after I started to tinker with the code for Google's open-source Advertising Cookie Opt Out Plugin, Akamai pushed through a change in policy across its entire advertising system.

Not only was this the right decision, but it was damn fast.

After working so much over last few years to debunk the doublespeak echoed by the privacy czars at companies like Google and Facebook, is is refreshing to find someone who speaks honestly, understands the concerns of the privacy community, and is willing to fix a flawed policy when it is pointed out.

Bravo Akamai. Now, lets see if the remaining advertising networks will show themselves to be as savvy.


Anonymous said...

This is fairly insignificant in the broader privacy picture. There are already many options for selectively blocking tracking cookies. This post seems like nothing but concern trolling and self-promotion.

Anonymous said...

Of course I understand the general problem of id-bearing opt-out cookies, but is there anything that stops you from getting an "anonymous" out-out cookie id (just clear everything, get an IP address they haven't seen before or use TOR and then opt out) and then use a copy of this single ID in the plugin and thus on all clients?

If they abuse the id by still spying on the users who opted out, they will see a nice mess of all plugin users, so it shouldn't be a problem for that specific case.

Anonymous said...

@footarded: Your comment is just way off base. Sure there are other options to block tracking cookies, but none that are as easy to invoke for the average, non-geek user, who only knows there's a problem but doesn't want to spend days researching/learning about how to address it. Personally, I think the author's "TACO" app is a really helpful and important browser add on, and I appreciate his work. I'd be quite surprised if it doesn't become a "usual" add on for most people once it gets a bit more publicity.

Liked the previous "Anonymous" post about using TOR to opt out, too, but that's quite a lot of work for the typical non-geek user.

- Ami N.