May 17, 2012

In a blog post today announcing Twitter’s new tailored suggestions system is something that has left me shocked: an overt admission by Twitter that it is transparently tracking your movements around the web. Othman Laraki, on the Twitter blog:

These tailored suggestions are based on accounts followed by other Twitter users and visits to websites in the Twitter ecosystem. We receive visit information when sites have integrated Twitter buttons or widgets, similar to what many other web companies — including LinkedIn, Facebook and YouTube — do when they’re integrated into websites. By recognizing which accounts are frequently followed by people who visit popular sites, we can recommend those accounts to others who have visited those sites within the last ten days.

Basically, every time you visit a site that has a follow button, a “tweet this” button, or a hovercard, Twitter is recording your behavior. It is transparently watching your movements and storing them somewhere for later use. Right now, that data will make better suggestions for accounts you might want to follow. But what other things can it be used for? The privacy implications of such behavior by a company so large are sweeping and absolute.

If tracking your behavior transparently is acceptable in the pursuit of a better user experience, why isn’t it also acceptable in the pursuit of monetization? Is it okay for Twitter to sell your web browsing history to advertisers? The company is playing with a very slippery slope.

I’m not particularly surprised that Twitter is doing this kind of data analysis or collection. Facebook is almost certainly doing the same thing. But it is wrong. People do not expect Twitter or Facebook to know about their movements on the web. But they do. And that information is being stored somewhere. It is a violation of privacy and trust.

I’m amazed that Twitter is overtly admitting to this behavior without considering the privacy implications. How many people have access to the data Twitter is collecting? Can any Twitter employee who has production database access look at Mitt Romney’s browsing history? Can they look at your browsing history?

These kinds of questions are extremely important, but there are no answers.

See also: Stealing your address book

Update: It is true that Twitter has committed to following the “Do Not Track” flag, which “asks” websites to not track your behavior. I think that is a distraction from the real issue; tracking should not be opt-out. It should be opt-in. At least until such behavior by companies is commonly understood. I have no problem with Twitter or Facebook tracking me, as long as I know about it and as long as normal people who use those services know about it.

Also, Twitter’s communications team emailed me with some specific information in response to my questions. From the email:

Is it okay for Twitter to sell your web browsing history to advertisers? As we state in our Privacy Policy, this is not something we do, nor would we do. That’s counter to how we treat our users and their data. Here’s a link to the Privacy Policy: https://twitter.com/privacy.

Further, regarding browsing history:

You also mention “browsing history” several times in your post. On that point, to protect your privacy, we do not maintain browsing history. We start the process of deleting your visits to pages in the Twitter ecosystem after a maximum of 10 days. We only keep tailored suggestions for you, as explained in our privacy policy.

1,956 Kudos