By Robert Luhn
(11/21/02)
| Editors' note: Love it, hate it, or laugh at it, America Online isn't going away. One of the longest-lived ISPs, AOL is still the way 35 million people worldwide send e-mail, surf the Net, bicker in forums, or send instant messages. Columnist Robert Luhn has been an AOL user for more than a decade, but this is no AOL booster section. Anyone who has used the service can attest to its many flaws and frustrations. This new column, AOL Nation, will look critically at AOL's products, services, and practices. We'll tell you what's superb, what stinks, how to get the most out of AOL, and what issues may affect your pocketbook or your sanity. |
Can you trust AOL?
The big question on our minds today: Can you trust AOL? When you sign up for the service, provide a credit card number, visit a forum, send e-mail, surf the Web, or buy from a certified AOL merchant, what happens to that information? What data does AOL collect and sell and to whom? In short, should you be worried?
Yes, say some critics. "AOL's power to obtain data is unmatched...and [its] history is marked with privacy controversies," says David Cassel, founder of AOL Watch. "People are rightly concerned about AOL's plans for its users' personal data."
Dr. Jason Catlett, a data mining expert and founder of Junkbusters, is equally adamant about AOL's history of customer privacy. "AOL's track record is checkered--although they've been doing better recently."
Prying eyes
How much better is a matter of some debate. Just last month, the U.S. Court of Appeals nailed AOL for the "smart download" feature built into certain versions of the Netscape browser (namely Navigator 4.x and earlier), which tracked downloads and reported the info back to AOL's Netscape subsidiary.
The case is just the latest in a string of privacy controversies involving AOL. Way back in 1997, AOL quietly changed its terms of service so that it could sell customers' home phone numbers to telemarketers. The uproar from users and the New York attorney general's office forced AOL to back down, but the company held on to wording that allowed it to share members' surfing habits with the same companies. (That wording, too, was eventually dropped.) In 1998, AOL was in the soup again for disclosing to a Navy investigator, who lacked a court order, that an anonymous user profile (listing marital status as "gay") belonged to a Navy officer, who was promptly discharged.
Got angst? A few months later, AOL agreed to stop targeting ads at users based on their surfing habits. In 1999, AOL forced subscribers who had already opted out of the company's marketing pitches to "restate their preferences," no doubt hoping that many wouldn't opt out a second time. With the dawn of the new millennium came new gaffes. First, the "smart download" controversy, then in 2001, a Privacy Foundation report claimed that the Monster.com job site shared user data with AOL.
AOL: the gold standard?
To be fair, AOL isn't the only company on the planet to cull customer data for marketing purposes. "AOL's privacy practices aren't wonderful, but they're entirely in line with what large American companies do," says Dr. John Levine, who runs the Network Abuse Clearinghouse and is coauthor of Internet Privacy for Dummies. "Besides, we have no European-style data protection laws, so pretty much anything is fair game."
Yet one company spokesperson we talked to trumpets AOL as the "gold standard for Internet privacy," a claim that makes some privacy experts guffaw. But after talking with company representatives and reviewing AOL's privacy policies (keyword: privacy policies), it's clear that the service has made some progress since the dark old days. But has it come far enough?
At first blush, I thought yes. An AOL representative told me that the service sells only names and addresses and as mailing lists only, not databases. The company doesn't gather surfing and usage habits individually but only en masse, in order to pinpoint popular areas, traffic problems, and so on. And, of course, AOL claims it doesn't read e-mail or give anyone your screen name or credit card or telephone numbers (unless you authorize it to).
Tarnished metal
But dig deeper, and exceptions pop up. AOL doesn't collect passive browsing data (where you go and what you look at), but it does record active purchasing (what you buy, the cost, and the product category), which AOL uses to market goods and services back to you.
"If you buy a digital camera, for example, we might later suggest you buy a photo printer," says spokesman Andrew Weinstein. More unsettling: AOL also matches your name and address to "publicly available information," such as census tract income data, and sells it to "prescreened" direct mail companies. How are these companies prescreened? AOL wouldn't say.
What about ads? According to AOL, a small fraction of the ads it serves you is based on your computer type (PC or Mac), OS, and zip code, and the ads come only from AOL--and from third-party advertisers, who can place a cookie on your PC.
Is such activity nefarious? Not really, and especially not when compared to other privacy shenanigans. And if you dig into AOL's keyword: marketing preferences, you should be able to opt out of such lists, which amounts to most of the marketing clutter thrown at you by AOL and other direct marketers but not ads and certain AOL announcements. But shouldn't AOL's default setting be to opt out? After all, you pay for AOL, so why should AOL package and sell any information about you?
So, is AOL really a gold standard? No. Call it a bronze standard that needs some polishing. Bottom line: stay skeptical and pay attention. In the AOL Nation, the price of freedom from spam, marketing pitches, and privacy invasion is eternal vigilance.
The big question on our minds today: Can you trust AOL? When you sign up for the service, provide a credit card number, visit a forum, send e-mail, surf the Web, or buy from a certified AOL merchant, what happens to that information? What data does AOL collect and sell and to whom? In short, should you be worried?
Yes, say some critics. "AOL's power to obtain data is unmatched...and [its] history is marked with privacy controversies," says David Cassel, founder of AOL Watch. "People are rightly concerned about AOL's plans for its users' personal data."
Dr. Jason Catlett, a data mining expert and founder of Junkbusters, is equally adamant about AOL's history of customer privacy. "AOL's track record is checkered--although they've been doing better recently."
Prying eyes
How much better is a matter of some debate. Just last month, the U.S. Court of Appeals nailed AOL for the "smart download" feature built into certain versions of the Netscape browser (namely Navigator 4.x and earlier), which tracked downloads and reported the info back to AOL's Netscape subsidiary.
The case is just the latest in a string of privacy controversies involving AOL. Way back in 1997, AOL quietly changed its terms of service so that it could sell customers' home phone numbers to telemarketers. The uproar from users and the New York attorney general's office forced AOL to back down, but the company held on to wording that allowed it to share members' surfing habits with the same companies. (That wording, too, was eventually dropped.) In 1998, AOL was in the soup again for disclosing to a Navy investigator, who lacked a court order, that an anonymous user profile (listing marital status as "gay") belonged to a Navy officer, who was promptly discharged.
Got angst? A few months later, AOL agreed to stop targeting ads at users based on their surfing habits. In 1999, AOL forced subscribers who had already opted out of the company's marketing pitches to "restate their preferences," no doubt hoping that many wouldn't opt out a second time. With the dawn of the new millennium came new gaffes. First, the "smart download" controversy, then in 2001, a Privacy Foundation report claimed that the Monster.com job site shared user data with AOL.
AOL: the gold standard?
To be fair, AOL isn't the only company on the planet to cull customer data for marketing purposes. "AOL's privacy practices aren't wonderful, but they're entirely in line with what large American companies do," says Dr. John Levine, who runs the Network Abuse Clearinghouse and is coauthor of Internet Privacy for Dummies. "Besides, we have no European-style data protection laws, so pretty much anything is fair game."
Yet one company spokesperson we talked to trumpets AOL as the "gold standard for Internet privacy," a claim that makes some privacy experts guffaw. But after talking with company representatives and reviewing AOL's privacy policies (keyword: privacy policies), it's clear that the service has made some progress since the dark old days. But has it come far enough?
At first blush, I thought yes. An AOL representative told me that the service sells only names and addresses and as mailing lists only, not databases. The company doesn't gather surfing and usage habits individually but only en masse, in order to pinpoint popular areas, traffic problems, and so on. And, of course, AOL claims it doesn't read e-mail or give anyone your screen name or credit card or telephone numbers (unless you authorize it to).
Tarnished metal
But dig deeper, and exceptions pop up. AOL doesn't collect passive browsing data (where you go and what you look at), but it does record active purchasing (what you buy, the cost, and the product category), which AOL uses to market goods and services back to you.
"If you buy a digital camera, for example, we might later suggest you buy a photo printer," says spokesman Andrew Weinstein. More unsettling: AOL also matches your name and address to "publicly available information," such as census tract income data, and sells it to "prescreened" direct mail companies. How are these companies prescreened? AOL wouldn't say.
What about ads? According to AOL, a small fraction of the ads it serves you is based on your computer type (PC or Mac), OS, and zip code, and the ads come only from AOL--and from third-party advertisers, who can place a cookie on your PC.
Is such activity nefarious? Not really, and especially not when compared to other privacy shenanigans. And if you dig into AOL's keyword: marketing preferences, you should be able to opt out of such lists, which amounts to most of the marketing clutter thrown at you by AOL and other direct marketers but not ads and certain AOL announcements. But shouldn't AOL's default setting be to opt out? After all, you pay for AOL, so why should AOL package and sell any information about you?
So, is AOL really a gold standard? No. Call it a bronze standard that needs some polishing. Bottom line: stay skeptical and pay attention. In the AOL Nation, the price of freedom from spam, marketing pitches, and privacy invasion is eternal vigilance.
| AOL Nation archive | Show me more Internet coverage |
Former CNET Executive Editor Robert Luhn, who writes this column for CNET Reviews, also believes that AOL should change its focus from an information and entertainment portal to schnauzers, making it the world's first "schnortal." Want to share your ideas? We'll pass it on!
