IP addresses and personal information (was Re: [LINK] Fwd: On Line Opinion - 16 February 2007)

Stilgherrian stil at stilgherrian.com
Sun Feb 25 09:37:14 AEDT 2007 

On 24/2/07 11:31 AM, "Irene Graham" <rene.lk at libertus.net> wrote:
>> Seniors, Young People, Wage Earners, Aspirational, Professional by
>> trying to classify their interests/behaviour/expenditure pattern.
> 
> What I do not understand is how can they classify web site visitors into
> those or any other categories -if- they are only collecting completely
> anonymised information from ISPs?

And that's the point. You can't IF that's the only information. And in
general it's not.

I haven't followed this thread in any detail, so I'm not across the
specifics of individual companies' practices, but this is how it works in
principle...

  * The web stats company matches IP addresses with web surfing
    habits. This is "anonymous" because they don't have your name,
    but it does mean they can match IP addresses with the specific
    timing of website visits.

  * You register with Fairfax Online so you can see smh.com.au or
    theage.com.au, so Fairfax know your name and address and any
    other information you've given them. They pass on some of that
    information to "their business partners" -- "anonymous", as it
    doesn't include your name, but they can still match a specific
    website visit to a postcode, say.

    (Fairfax is just an example, I have no knowledge of their actual
    practices. Though it's obvious their websites use a range of
    tracking tools.)

  * Somewhere else, you fill in a survey -- anywhere! -- that
    included your occupation or salary range. This information is
    shared with "their business partners", and as long as it
    doesn't include your name then it's "anonymous".

  * Everybody data mines the bejesus out of everything, so it's
    pretty easy to line everything up based on a fingerprint of
    what websites were visited in what sequence at what time.

  * For bonus points, any single one of those players knows your
    name or email address and so *can* match it to a profile. And
    voila, you have a dossier of a person.

As long as all the other players have privacy policies which say "we only
pass on anonymous information" and "we can share info with our business
partners" and "our business partners have their own privacy policies",
they're covered -- and it's up to you to read the business news to figure
out who those business partners might be.

This is why the Aust Bureau of Stats introduces random fuzziness into the
Census data before its made public. While it's "anonymous", a census
collection district is only 100 households. So it's pretty easy to match the
data with specific people if, say, a person is "single female aged 27,
occupation café manager, born in England who's lived in the area for three
years, with one male child aged 4." There will only be one such person.

When thinking about all this stuff, remember:

 1. Each player potentially has access to much more data than
    that which they collect themselves.

 2. They can all keep claiming they only pass on anonymous info
    if it's pooled and cross-matched by someone else.

 3. Their computers are much, much bigger than yours.

 4. Their responsibility as a company is to maximise the profits
    for their shareholders, and this is a competitive business. So
    they'll be thinking of ways to "improve" the accuracy and
    detail of their profiles while avoiding irritating privacy
    concerns.

 5. They're working on these issues full time with teams of
    specialists, while you're working part-time from an amateur's
    knowledge base, so assume they're already way, way ahead of
    you.   

Enjoy!

Stil


-- 
Stilgherrian http://stilgherrian.com/
Internet, IT and Media Consulting, Sydney, Australia
mobile +61 407 623 600
fax +61 2 9516 5630
ABN 25 231 641 421

More information about the Link mailing list