Georgia
resident Andy Morar is in the market for a BMW. So recently he sent a note to a showroom near Atlanta, using a form on the dealer's website to provide his name and
contact information.
治亚州萨凡纳(Savannah)的安迪•莫勒(Andy Morar)打算买一辆宝马汽车(BMW)。于是最近他发了一封简短的邮件给亚特兰大附近的一个汽车展销厅,邮件中使用了经销商网站上的表格来提供了他的姓名和联系方式。
His note went to the dealership -- but it also went, without his knowledge, to a company that tracks car shoppers online. In a flash, an
analysis of the auto websites Mr. Morar had anonymously visited could be paired with his real name and
studied by his local car dealer.
他的邮件发到了经销商那里──但是在他不知情的情况下,这封邮件也落到了一家在网上追踪汽车消费者的公司手里。转瞬之间,当地的汽车经销商就能把莫勒匿名访问过的汽车网站和他的真名对应起来并对其进行研究。
When told that a
salesman on the showroom floor could, in effect, peer into his
computer activities at home, Mr. Morar said: 'The less they know, the better.'
当得知展厅的销售人员实际上可以窥探他在家中的电脑操作行为时,莫勒说:"他们知道得越少越好。"
如今的科技把人们的真实身份和他们的浏览习惯关联起来的能力已大大增强,这是隐私问题上的一个转折点,它让我们的公共生活和私生活之间本已不太清晰的界限变得更加模糊。为了得到有关潜在客户更准确、更有价值的信息,各追踪公司正在重新定义着"匿名"的含义。
The widening
ability to
associate people's real-life identities with their browsing habits marks a
privacy milestone, further blurring the already unclear border between our public and private lives. In
pursuit of ever more
precise and
valuable information about
potential customers, tracking companies are redefining what it means to be anonymous.
看看Dataium LLC这家能够对莫勒这样的汽车消费者进行追踪的公司吧。Dataium说这些购车者在网上的浏览行为虽然能够与他们的真名关联起来,但他们的行为依然是匿名的,理由是:Dataium并没有把人们在网上浏览的历史记录细节逐一提供给销售商,而只是向他们提供了人们消费意向的分析结果。
在网上使用真实身份正迅速成为主流。《华尔街日报》对近1,000家顶级网站的调查发现,75%的网站现在都有来自社交网络的代码,比如Facebook的"赞"或推特(Twitter)的"Tweet"按钮。这种代码可以以前所未有的规模将人们的真实身份与他们的上网活动对应起来,甚至在用户没有点击那个按钮的情况下也能追踪其浏览的网页。
Consider Dataium LLC, the company that can track car shoppers like Mr. Morar. Dataium said that shoppers' Web browsing is still anonymous, even though it can be tied to their names. The reason: Dataium does not give dealers click-by-click details of people's Web surfing history but rather an
analysis of their interests.
在另外一项研究中,《华尔街时报》调查了人们登录大约70个要求用户登录的人们常上的网站时所发生的事情,结果发现,在超过四分之一的时间里,这些网站都把用户的真实姓名、电子邮件地址或用户名等其它个人信息传给了第三方企业。一家主要的约会网站还将用户自述的性取向和嗑药习惯传给了广告公司。
就在2010年年末,《华尔街日报》报道了Rapleaf Inc.这家率先通过电子邮件地址追踪网民的企业,当时这种做法还几乎是闻所未闻的事。而今天,Dataium这样的公司正把这类技术的应用推向一个新的高度。
The use of real identities across the Web is going mainstream at a rapid clip. A Wall Street Journal
examination of nearly 1,000 top websites found that 75% now include code from social networks, such as Facebook's 'Like' or Twitter's 'Tweet' buttons. Such code can match people's identities with their Web-browsing activities on an
unprecedented scale and can even track a user's
arrival on a page if the
button is never clicked.
在线追踪汽车消费者可以让汽车经销商获得优势,因为他们不仅能够知道购车者是否要真心买车──他是真的想买一辆红色敞篷车还是仅仅在幻想而已?──而且他们还可以详细了解到购车者喜欢的特定车款及其做出的选择。Dataium公司的共同创始人贾森•伊泽尔(Jason Ezell)去年在一次汽车经销商会议上说:"这样,当他来到店里的时候,我就知道该如何跟他谈。"他的讲话被录成视频并发布到了网上。
38岁的莫勒是一名酒店老板,他最近一直在详细关注2013款的宝马X5运动型多功能车,查看特定配置车型最近的销售价格。即使Dataium公司拒绝具体透露它了解到了有关莫勒的哪些信息。
In separate research, the Journal examined what happens when people logged in to
roughly 70 popular websites that request a login and found that more than a quarter of the time, the sites passed along a user's real name, email address or other personal details, such as username, to third-party companies. One major dating site passed along a person's self-reported
sexual orientation and drug-use habits to
advertising companies.
Dataium说经销商只能看到个人行为的分析结果,无法看到个人访问每一个汽车网站的原始信息。该公司表示,只有当人们自愿把电子邮件地址提供给销售商的时候,个人行为分析信息才会与他们的电子邮件地址关联起来。
莫勒访问的那家汽车销售店所属的Asbury汽车集团公司(Asbury Automotive Group Inc.)说,它会向顾客发出"关于使用非公开个人信息"的隐私通告。但对于是否使用了Dataium提供的有关莫勒的信息,该公司拒绝予以置评。
As recently as late 2010, when the Journal wrote about Rapleaf Inc., a trailblazing company that had devised a way to track people online by email address, the practice was almost unheard-of. Today, companies like Dataium are
taking the techniques to a new level.
从事网络追踪的公司早就辩解说,它们收集的信息都是匿名的,因此不会带来伤害。然而这个行业对"匿名"的定义已经随时间发生了改变。
本世纪初针对网络隐私规范问题出现了一场轰轰烈烈的争斗,此后网络广告行业普遍认定,"匿名"的意思是公司无法获得"PII",这是该行业的行业术语,即"个人验证信息"(personally identifiable information)。然而现在,一些公司即便获知或使用了人们的真实姓名或电子邮件地址,它们还是把自己的追踪或广告行为说成是匿名的。
Tracking a car-shopper online gives dealers an edge because not only can they tell if the person is serious -- is he really shopping for red convertibles or just fantasizing? -- but they can also gain a detailed understanding of the
specific vehicles and options the person likes. 'So when he comes in to the dealership, I know now how to approach' him, said Dataium co-founder Jason Ezell to a car-dealer
conference last year, which was videotaped and posted online.
它们的理由是:那样做依然算是匿名,因为个人的身份信息要么是从浏览记录中删除了,要么不会记入浏览记录,要么是与历史记录相分离的。比如,Facebook公司提供的一项服务是根据电子邮件地址向某些人群播放广告,但前提是广告商已经知道了受众的电子邮件地址。Facebook说它不会把人们的电子邮件地址提供给广告商。
Facebook公司的首席隐私长埃林•伊根(Erin Egan)说:"我们会根据你的身份向你提供广告,但是那并不意味着你的身份已经透明了。"Facebook、Rapleaf和其它一些公司都说它们对数据进行了匿名化处理。
Mr. Morar, a 38-year-old hotel owner who lives in Savannah, Ga., has been looking carefully at the 2013 BMW X5 sport-utility vehicle, checking recent sale prices for
specific configurations. Dataium declined to say specifically what, if anything, it knows about him.
匿名化是怎么操作的?一家网站使用了一个公式,把用户的电子邮件地址转变成由数字和字母组成的杂乱的字符串。一家广告公司对其客户的电子邮件清单也进行了相同的处理。之后两家公司都把它们处理后的杂乱字符清单送交给一家第三方企业,这家公司会从中进行对应匹配,对应成功的,那家网站就可以向具体的某个人播放广告了,但是真正的电子邮件地址并没有易手。
尽管如此,个人信息那么轻易就可以在网上分享,这让人很难知道自己的信息是否是安全的。《华尔街日报》对50家人们常上的网站以及它自己的网站进行的一项调查发现,有12家网站把电子邮件地址或者真实的全名等可能用以验证用户身份的信息发送给了第三方。
Dataium said dealers can see only an
analysis of the person's behavior, not the raw details of every car site a person visits. The information is tied to people's email addresses only when people provide them to a
dealer voluntarily, Dataium said.
《华尔街日报》还对另外20家涉及敏感信息的网站进行了调查,包括那些涉及人际关系、医疗信息和孩子的网站。其中有九家网站将可能用以验证用户身份的信息发送到了别处。
有时候,信息进行了编码加密处理,然后通过特殊的传送渠道提交给另一家公司。然而其它时候,用户的名字就直接包含在网页的标题或地址中,如果网站没有采取防范措施,这种信息会自动发送给进入该网页的任何广告公司。
The company that owns the dealership Mr. Morar visited, Asbury Automotive Group Inc., said it gives
privacy notices to customers 'regarding the use of nonpublic personal information.' It declined to
comment on whether it had used information about Mr. Morar provided by Dataium.
《华尔街日报》自己的网站也共享了相当数量用户的个人信息。它将用户的电子邮件地址和真实姓名发送给了三家公司。WSJ.com传播的其它信息还包括性别和出生年份,它允许人们在填写他们的网站个人简介时提交这些信息。
《华尔街日报》的一位发言人说个人验证信息的共享大多数都不是故意为之的,而且正在得到纠正。她说,唯一刻意共享的身份信息是进行了编码处理的用户电子邮件地址,该信息提供给了一家向选择接收其邮件的读者发送销售邮件的公司。她说《华尔街日报》让与之合作的公司签署了一项保证,防止它们不恰当使用接收到的数据。
Companies that conduct online tracking have long argued that the information they collect is anonymous, and
therefore innocuous. But the industry's
definition of 'anonymous' has shifted over time.
另一家共享了相当数量信息的网站是IAC (InterActiveCorp)公司下属的提供免费约会服务的OKCupid。该网站将用户名信息送交给了一家公司;将性别、年龄和邮政编码信息送交给了七家公司;将性取向信息送交给了两家公司;将嗑药信息──你"从不"、"有时"还是"经常"嗑药?──送交给了六家公司。它还把经过匿名化处理的电子邮件地址发送给了一家公司,该公司声称它使用这些信息来帮助企业从自己的电子邮件清单中找出客户的信息。
OKCupid网站首席执行长萨姆•亚甘(Sam Yagan)说:"这些信息中没有一个是可以识别个人身份的。"他说OKCupid网站在所收集的信息数量方面对用户是坦诚的。他说:"广告现在是,而且一直都会是我们经营模式的一部分,它可以让我们的产品实现免费。"
After an epic regulatory battle in the early 2000s over Web privacy, the online ad industry generally concluded that 'anonymous' meant that a firm had no
access to 'PII,' the industry term for 'personally identifiable information.' Now, however, some companies describe tracking or
advertising as
anonymous even if they have or use people's real names or email addresses.
本世纪初那次关于网络隐私管理问题的争执所建立起的基本规则如今正在经受着考验。当时,美国联邦贸易委员会(Federal Trade Commission)对网络广告公司DoubleClick Inc.与传统邮购资料库巨头Abacus Direct的并购案展开了调查,因为人们担心Abacus会把它手里的居民真实姓名及地址名单与DoubleClick的个人网络浏览档案归并到一起。
DoubleClick(现在隶属于谷歌公司(Google Inc.))最终答应不会那样做。这次争议催生了一个行业自律组织,该组织保证不把用户个人验证信息与网络浏览行为关联起来,除非用户本人选择这么做。
Their argument: It's still
anonymous because the
identity information is removed, protected or separated from browsing history. Facebook Inc., for example, offers a service that shows ads to groups of people based on email address, but only if advertisers already have that address. Facebook says that it doesn't give people's email addresses to the advertiser.
但是真实身份识别的诱惑依然存在。毕竟,这是大多数公司跟踪了解顾客的途径。雅虎公司(Yahoo Inc.)的一名高管说,传统实体商店"在顾客购物或签名办理会员卡时就能够获取姓名、居住城市以及电子邮件地址等信息"。
雅虎公司提供一项名为"对号入座"(Audience Match)的服务,让零售商可以找到并锁定他们的网络客户。雅虎说它使用了匿名化措施,并不向广告商提供用户的真实姓名和网络浏览信息。
'We will serve ads to you based on your identity,' said Erin Egan, chief
privacy officer at Facebook, 'but that doesn't mean you're identifiable.' Facebook, Rapleaf and other companies also say that they anonymize their data.
过去,追踪公司和零售商识别网络用户的真实身份比较困难。今天,仅仅一个网页里就可能有十多家不同广告公司或追踪公司的电脑代码。这些各自独立的代码块经常互相共享信息。比如:如果你像购车人莫勒一样,将自己的名字提交给一家网站,其它在该网站发布广告或者拥有特别代码的公司就有可能会看到你名字。
共享这些信息实在太容易了,《华尔街日报》联系的很多网站都说它们是无意间才共享了信息的。问题解决起来并不难,但是它却存在了很多年。
How does anonymization work? A website uses a
formula to turn its users' email addresses into jumbled strings of numbers and letters. An advertiser does the same with its
customer email lists. Both then send their jumbled lists to a third company that looks for matches. When two match, the website can show an ad targeted to a
specific person, but no real email addresses changed hands.
伍斯特理工学院(Worcester Polytechnic Institute)的计算机科学教授克雷格•威尔斯(Craig Wills)在2011年发表的一篇研究论文指出,100多家网站中有56%泄露了私人信息,泄露信息的方式与《华尔街日报》的研究中所发现的那些方式相似。他说:"信息输入进去了,但是我们无从知道它是被扔到一边不管了还是被人保存下来以备将来之用。"
Jennifer Valentino-DeVries / Jeremy Singer-Vine
Still, the sheer ease with which personal details can be shared online makes it difficult for people to know whether their information is safe. A Wall Street Journal
survey of 50 popular websites, plus the Journal's own site, found that 12 sent potentially identifying information such as email addresses or full real names to third parties.
The Journal tested an
additional 20 sites that deal with
sensitive information, including sites
dealing with personal relationships,
medical information and children. Nine of these sent potentially identifying information elsewhere.
Sometimes the information was encoded and sent in a special
transmission to another company. Other times, though, people's names were simply included in the title or address of the Web page. This information gets sent
automatically to every ad company with a presence on a Web page unless the website owner takes steps to prevent it.
The Journal's own website shared
considerable amounts of users' personal information. It sent the email addresses and real names of users to three companies. The site also transmitted other details, including gender and birth year, which WSJ.com allows people to
submit when they fill out their website profile.
A Journal spokeswoman said that most of the sharing of
personally identifiable information was unintentional and was being corrected. The only intentional sharing of
identity information, she said, was an encoded
version of the user's email address, provided to a company that sends marketing emails to readers who opt to receive them. She said the Journal makes companies it works with sign a
policy that would prevent them from using
improper data they receive.
Another site sharing
considerable information, the free dating service OKCupid, sent usernames to one company; gender, age and ZIP Code to seven companies;
sexual orientation to two companies; and drug-use information -- do you use drugs 'never,' 'sometimes' or 'often'? -- to six companies. It also sent an anonymized
version of email addresses to a firm that says it uses them to help businesses get information about customers in their email lists.
'None of this information is
personally identifiable,' said OKCupid's chief
executive officer, Sam Yagan. He said OKCupid, owned by IAC/InterActiveCorp, is upfront with users about the
amount of data it collects. 'Advertising is and always will be part of the business model. It allows the product to be free,' he said.
The regulatory clash over Web
privacy in the early 2000s established ground rules that today are being tested. At that time, the Federal Trade Commission investigated the merger of the online-ad company DoubleClick Inc. with a
traditional mailing-list giant, Abacus Direct, over concerns that Abacus would merge its lists of people's real names and addresses with DoubleClick's Web-browsing profiles.
DoubleClick (now owned by Google Inc.)
eventually agreed not to do that. The
dispute spawned an industry self-regulatory group that pledged not to link
personally identifiable information to Web browsing unless the person opted in.
But the
allure of real identities remains. After all, that's how most companies keep track of their customers. Brick-and-mortar shops can 'capture things like name, city and email address' when a person buys something or signs up for a
loyalty card, said a Yahoo Inc. official.
Yahoo offers a service, Audience Match, that lets retailers find and target their customers online. Yahoo says that it uses anonymization and doesn't give names or Web-browsing information to advertisers.
In the past, tracking companies and retailers had a tougher time identifying online users. Today, a single Web page can
containcomputer code from dozens of different ad companies or tracking firms. These separate chunks of code often share information with each other. For example: If, like Mr. Morar the car-shopper, you give your name to a website, it can sometimes be seen by other companies with ads or special coding on the site.
It's so easy to share such information that many of the sites the Journal contacted said they were doing so accidentally. The problem is easy to solve, but it has persisted for years.
Craig Wills, a computer-science professor at Worcester Polytechnic Institute, published
research in 2011 showing that 56% of more than 100 websites leaked pieces of private information in ways similar to those found in the Journal's study. 'Information goes in, but we don't know if it's being dropped and ignored or saved for later use,' he said.
Jennifer Valentino-DeVries / Jeremy Singer-Vine