[downandout]

It's like saying that because windows are transparent, it is ok to stare into people's living rooms. It's not - irrespective of transparency or lack of curtains.

Nope. When you enter someone else’s place of business, you have no expectation of privacy. These websites belong to private entities. So it’s more like saying that because you voluntarily walked into my store, it’s ok for me to observe your behavior while you’re there. Which, of course, is completely logical and acceptable to most people.

Don’t want me to track your behavior while you’re in my store? There’s a very simple, 100% effective solution for that: don’t enter my store. Because if you do enter, you have no right to complain that I’m observing you.

[chongli]

Nope. When you enter someone else’s place of business, you have no expectation of privacy.

That's not true at all. When I go to the hardware store to buy a box of nails, I don't have any expectation for the owner to begin following me around for the rest of the day (and in perpetuity thereafter). I also don't expect the hardware store owner to get on the phone with the grocery store owner and ask him what groceries and personal hygiene products I bought.

Also, the comment originally pertained to the Wall Street Journal, a newspaper. Are you suggesting that reading the newspaper at home grants the publisher the right to peer in through my window?

Expectations of privacy have long been enforced by social norms rather than laws. Since technology has granted corporations the means to do an end-run around social norms then we should expect the law to catch up and fill the gaps.

People may not have had a lot of privacy from their neighbours when living in small towns but they could generally count on their community to care about their well being. This is not the case with online businesses of any sort.

[downandout]

Are you suggesting that reading the newspaper at home grants the publisher the right to peer in through my window?

No, nor did I even intimate that. That's your property, not mine. That suggestion is as ridiculous as the one I was trying to refute. But when you enter my property - be it virtual or phyiscal - expect to be observed using whatever technologies and vendors I want that are legal (with a few obvious legal exceptions, such as bathroom surveillance). If, to continue with your newspaper example, you took your newspaper into my store and decided to read it there, I am fully within my rights to observe that you did that, watch you to see if you buy something while you're there, and see if others exhibit that same behavior. Depending on the results of that analysis, I might then decide to move the newspapers to the front of the store, near tables, where you can sit and read because I have determined that newspaper readers are profitable customers. There's nothing wrong with that - I've now used data obtained while you were in my store (where you have no expectation of privacy) to improve both your experience and my profitability.

[thaumaturgy]

People that want to move this discussion forward need to stop using analogies for things in the physical world, because the interactions between a website and a browser aren't similar enough to anything physical. Every single time someone resorts to analogy in one of these threads, it immediately and permanently devolves into an argument over the details of the analogy.

Browsers run code delivered by websites. It's generally considered impolite, at least, to provide code that mines cryptocurrency on visitors' machines. Most people wouldn't defend serving up malware, either. So there is well-established precedent for arguing that there are things a website shouldn't do to its visitors.

Extensive tracking scripts are now falling into the same category as crypto miners and malware.

The explosion of ad blockers on users' browsers is a direct result of websites pushing advertising tactics way too far and not putting enough effort into the safety of their visitors. Tracking scripts will be next. Firefox has a lot to gain from pushing browser features intended to make it look like a more privacy-conscious browser than Chrome; there are already extensions like Ghostery and Disconnect, and uBlock Origin blocks a number of other tracking scripts too.

If website developers don't accept some kind of middle ground in this discussion, they'll be relying on their access logs for all of their data before long.

[hyperdimension]

> need to stop using analogies for things in the physical world

That sounds like HN to me. Nothing likes analogies like HN likes analogies.

Put it this way--analogies are like cars. When they're good, they're great, but when they're bad, they're really bad.

[downandout]

>Extensive tracking scripts are now falling into the same category as crypto miners and malware.

That's definitely your opinion, and it is one that is not widely held. How do I know this? Because Facebook's usage - despite a deluge of recent headlines headlines that vastly overstated their privacy issues and made it the poster child for extensive tracking technologies - hasn't gone down. So, roughly 2 billion of the world's Internet users disagree with you.

[thaumaturgy]

It doesn't work that way, and I think you know it.

Only 26% of web users in 2016 had installed ad blockers [1]; that doesn't mean you get to say, "74% of web users don't mind advertising and malware".

Facebook announced its first net loss of North American users last quarter. They're expected to post a much larger loss during the Q1 review on Wednesday [2] as a direct result of the Cambridge Analytica scandal.

I guess you can stand steadfastly behind the position that "nobody cares because there are 2 billion users", and ignore the falling metrics for user engagement [3], and the protests (see the picture at the top of [2]), and the senate hearing, and the media coverage, and the millions of Ghostery and Disconnect users who've gone to the trouble of searching for and installing extensions specifically to block tracking, and Firefox's built-in tracking protection. Sure, aside from all that, nobody cares.

But this isn't an issue that's going away yet, no matter how much you want it to.

[1]: https://www.wired.com/story/google-chrome-ad-blocker-change-...

[2]: http://www.businessinsider.com/facebook-users-want-revenge-a...

[3]: http://money.cnn.com/2018/01/31/technology/facebook-earnings...

[downandout]

As for your argument that Facebook usage has dropped as a result of the recent privacy outrage, it has not - at least according to Mark Zuckerberg as of April 10, 2018 [1]. Remember that the outrage of journalists - driven by a desire for clicks - is not the same as public outrage. Other factors (such as people spending more time on Instagram, or life in general) may have contributed to a decline in engagement prior to the media-driven "scandal," but at least at this point the recent headlines have had no discernible impact.

We'll have to agree to disagree on the rest of your argument. Most of the 26% of users that have installed ad blockers (including myself) have done it not so much to thwart tracking, but to put an end to the poor user experience that many intrusive ads create on web pages. Visit any local newspaper site with your ad blocker disabled to view what I'm talking about. Many sites aren't even usable without an ad blocker these days. I am in the ad blocking-for-user-experience camp...I could care less about tracking. In fact, for the ads that I do see, I like them being highly targeted. I went for years without clicking on a single ad on the web. Only in the last year or two have I found them relevant enough to click every now and then. Since these advertisers aren't given any personally identifiable data by the ad networks, I don't feel any violation of my privacy either.

[1] https://www.cnbc.com/2018/04/10/zuckerberg-in-joint-senate-c...

[matt_kantor]

The various analogies used in this thread lead to contradictory conclusions because they start from different places:

Should browsing the Sears website be more like reading a Sears catalog in your own home, or more like physically walking into a Sears store? It's clearly got some aspects of both.

You can't just assume one is the "right" view and then use that to argue your point, because once you boil it down that's precisely the thing you disagree about.

EDIT: I see thaumaturgy made essentially the same point in a sibling comment.

[teaneedz]

What is the name of your business or employee, @downandout? I wish to avoid it.

[dforrestwilson]

I don't think either of these analogies is accurate?

It's more like Home Depot slapping a GPS tracker on my person, which I am take with me when I leave the store, isn't it?

[downandout]

Does HomeDepot.com get to see where else you go on the Internet because they have tracking code on their site? No, they do not. They cannot obtain this data from the major tracking vendors (Facebook, Google etc.) either. Granted, the vendors themselves can often see cross-site behavior, but the individual sites using these trackers cannot and aren't given access to this information.

[JangoSteve]

I agree with the other comments that the analogies kind of hide the ball on the real issues here. But in this case, I think it's more like Home Depot putting up security cameras that send all the footage of you to the camera manufacturer. In turn, that camera manufacturer runs facial recognition to automatically combine your Home Depot activity with your activity from all other business that use their cameras (which is 1/2 to 3/4 of the business you visit [1]), including the pharmacy, gas station, grocery store, bank, etc. Oh, and the information at the registers integrates with the cameras as well. And then the camera manufacturer sells your aggregate, combined data to advertisers who then set up shop at kiosks in the stores (the kiosks are owned by the camera manufacturer by the way), so that they can sell you stuff while you're there. And if the kiosk in Home Depot can't get you to buy something, they'll just get the kiosk at the bank to continue where they left off.

[1] https://trends.builtwith.com/analytics/Google-Analytics

[oldcynic]

You're effectively suggesting people take all their business offline again.

When I walk into store (a) it's reasonable to assume that store (a) might be observing my behaviour, along with perhaps a sub-contracted security company etc. It's less reasonable to assume that walking into store (a) gets me observed by stores b-z and subcontractor 1-255 which is more like what happens on the web. They don't generally follow around town for the rest of the week either.

Go to web site or store and get observed by Google, Facebook, and dozens of assorted analytics companies who will then endeavour to track you wherever you go next, for as long as possible.

Now then, ignoring JS and adblocking for a moment, which mainstream ecommerce or news sites can one frequent in order to adopt the "100% effective solution" of not being tracked?

[mcgarnagle]

"Walking into a store can get you observed by stores b-z and subcontractior 1-255"

Well what about the new amazon retail store, that records your every move?

Also what about stores or shopping malls that contract their security cameras out to other companies? Surely those security companies may be doing all kinds of stuff with people's facial recognition data.

[oldcynic]

Most of the new data landscape is only adopted reluctantly - no shopper was given a choice in this. The fact that consumers feel powerless, and every medium to large business feels they must grab all the data possible, doesn't make it right.

Amazon's high street store is an easy to avoid aside until a Tesco or Walmart tries it.

I hope that GDPR restricts the extent of "all kinds of stuff" that companies wish to do to cctv security footage. I suspect it won't be nearly enough. The trouble with cctv is the consumer/shopper has effectively no way of knowing thus should be quite strictly regulated.

[Erwin]

Sounds like applying the web tracking to the real world could be the next evil business idea.

When I somehow get upgraded to business class while flying it is rather flattering to be greeted by the stewards by name while being offered a glass of decent champagne.

What if your store could do the same for people considered social influencers or "whale" spenders? As they enter the store, dispatch your Personal Shopper squad to gently welcome them, and nudge them towards purchases -- or if nothing else, a little social media moment worthy to share with their followers.

Perhaps their social posting history will reveal a hyper-personalized special offer that can make them buy that $2000 handbag.

[jstarfish]

> Sounds like applying the web tracking to the real world could be the next evil business idea.

At what point does this behavior run afoul of stalking laws?

[gowld]

Your opinion is not a "nope". It's your opinion. Others differ.

For example, stalking is illegal.

https://en.wikipedia.org/wiki/Stalking#Laws_on_harassment_an...

as is wiretapping

https://en.wikipedia.org/wiki/Telephone_recording_laws#Two-p...

[downandout]

You're right that both of those things are illegal. However, neither one has anything to do with this discussion. It isn't my opinion that a tracking cookie is no way equivalent to peering into someone's window in their home. It's a fact based on knowledge about how each activity works.

[laythea]

That's ridiculous. If a normal shopper walked into a store and had surveillance on him/her (I don't mean the normal security cameras here - I'm talking about in depth surveillance, the in-person equivalent of a website tracker), I am sure them same stores would go out of business fast.

The point here is that they do it just because the snooping is invisible. And that irks me.

[downandout]

You do know that most big stores use automated video analysis nowadays to optimize inventory placement, analyze in-store traffic flow, detect shoplifting, detect slip and falls, etc right? Some have begun using license plate readers at parking lot entrances. Oh and...they are completely within their rights to do it.....being a private business and all.

The point is, don't come on my property - physical or virtual - unless you don't have a problem with your behavior being observed while you're there.

[russdpale]

Just because its on your property does give you carte blanche to do anything you want to me. I dont see how this is a reasonable argument.

You cant tracke in your bathroom or changing stalls. You cant listen to my phone calls or ask me intimate personal details about where I have been without explicitly asking me.

[downandout]

Are you arguing that Facebook is watching you in your bathroom or listening to phone calls? To my knowledge, nobody in the physical or virtual world is doing either of these things.

[laythea]

My point, is that there is "observed" and there is "observed".

[Govannon]

>Nope. When you enter someone else’s place of business, you have no expectation of privacy.

This is only somewhat true. At the spa for instance, you very much have an expectation of privacy. Practically speaking it is sort of contextual? Even at say a restaurant, I would be both surprised and disconcerted to discovered the business had recorded the entire conversation that occurred at my table, even though I would be unsurprised by a bit of eavesdropping.

[downandout]

There are laws that specify that certain types of surveillance/tracking cannot take place. In most states, you cannot be recorded in the bathroom, for example. There are also federal laws against recording of audio in most public places - this is why casinos have incredibly sophisticated video surveillance and analysis software, but do not have microphones to listen in on conversations.

So the rules of the tracking and surveillance road are well defined, and most businesses adhere to those rules. All of the privacy complaints I have seen recently did not involve violations of the law. Rather, these complaints are essentially that people have a fundamental human right to use private services being run at the cost of private entities on the terms that users choose, which just isn't how the world works.

[taneq]

> So it’s more like saying that because you voluntarily walked into my store, it’s ok for me to observe your behavior while you’re there.

No, it's more like saying that if I phone your store to ask how much some item costs, you think it's OK to come over to my house and peer through all of my windows.

[pmoriarty]

"When you enter someone else’s place of business, you have no expectation of privacy."

So you'd have no problem with a restaurant owner bugging all their tables and listening in on their customers' conversations?