Thursday, January 08, 2015

The state of privacy and why it matters.



What if there was a database that had records such as the following:

There is a user, known only as #2348585, who is male, 45 years old, and lives in zip code 30443. He uses anti-depressants, prefers ibuprofen as a pain reliever, likes the color blue and the band Ben Folds Five. When eating out, he likes steak, but he doesn’t buy it at the grocery store, where he buys lots of prepared meals and store brands.

As a result, this user gets served very targeted ads while online. The ads are for steak restaurants, depression-related medications and treatments, and grocery store private labels. All of the ads have lots of blue colors, and Ben Folds Five music often plays when the ad appears.

But the database doesn’t actually know who this user is. It doesn’t have his name, social security number, address, or any other personally identifying information. A dedicated hacker could probably figure out who this is, but the opposite direction would be almost impossible: his worst enemy, who doesn’t know these things about him, probably couldn’t find this particular record in the database. And if the super hacker already knew enough of these to find the unique record, he probably wouldn’t need to. Unless he wanted to play some practical jokes and have him served with totally untargeted ads, with lots of red and playing Beethoven.

This is not far off from what Google, Facebook, Amazon, and other ad serving systems do to you already.  Does this feel like a violation of your privacy?  If you like steak restaurants, is it worth giving up this amount of privacy to get steak restaurant ads instead of the Red Lobster ads?  Is the inclusion of depression treatments a step too far or just another benefit you appreciate getting?