Paywalls and adwalls re-visited
Kat Krol and Sören Preibusch discuss "effortless privacy negotiations" (pp. 88-91) in the May/June 2015 issue of IEEE Security & Privacy. In doing so, they (inadvertantly) address some of the questions I wondered about in an article for The Social Interface last year — most notably, whether or not people would be willing to pay for services of the sort now provided by advertising, if it meant that they could obtain the services without handing over data to advertisers.
According to the research cited by Krol and Preibusch, most people would not, but a significant number of people would. I think I suspected as much when I wrote my article, but Krol and Preibusch propose a slightly different (but perhaps complementary) explanation for why they wouldn't: most people value the tangible and immediate gain of access to a service more than the nebulous and future risks of handing over private data.
In the same issue of Security & Privacy, Angela Sasse scolds security nerds for "scaring and bullying people into security" (pp. 80-83) with fearsome dialogues intended to warn people of the risks — again, mostly distant and nebulous — that they face in clicking on links that don't meet the approval of the security community. The same might be said of privacy nerds who demand that privacy policies be read and rejected if readers can imagine misuse of the policy.
Whatever the explanation for people who won't pay, those who would pay might wonder: where do I go if I want to search the web or join social media, but I don't want the ads? None of Google, Facebook, or Twitter will take my money!
Krol and Preibusch mention one (experimental) solution from Google, for whom Preibusch works: Google Contributor. According to Contributor's web page, subscribers to the service will see "pixel patterns" or "thank you messages" instead of ads on participating web sites. (This sounds a bit kludgy but I guess it's a start). But the article focuses on negotiation between users and service providers.
I've seen proposals for negotiating privacy settings before, but never found them particularly convincing: why would anyone agree to anything other than handing over the minimum amount of information required to get the job done? Krol and Preibusch identify the point I was missing: the participants need to negotiate not just the privacy settings, but the service they get in return for them. So those who'd rather pay than see targeted ads, for example, could negotiate untargeted service in return for a subscription. (This might not just be about privacy: my main objection to advertising isn't that I'm worried about the data collection involved, it's that I find it irritating.)
The title of Krol and Preibusch's article identifies the obvious weakness in all this negotiation: it takes a lot of effort to both provide and use such a flexible service. Of course reading and understanding current privacy policies requires a fair bit of effort too, which is partly why they remain largely unread and ununderstood. (The other part is that the reader can't do anything about them anyway, for which negotiation might offer some remedy.)
Still, well-designed computer systems can take a lot of the effort out of things that might otherwise be tedious and time-consuming. Krol and Preibusch don't describe any particular solutions; their article is more of a call-to-arms. I don't kow if negotiation is the solution — I'm at least as interested in Google Contributor, which has the advantage of existing — but Krol and Preibusch have at least renewed my interest in something I'd previously dismissed.