A Privacy Arms Race

I’m continually amazed how creative people can be. The news that Crashlytics is using custom fonts to track users is both fascinating and horrible. I think John Gruber does a good job of capturing the regular person response to this:

The basic fact remains: custom fonts, however they’re installed, are not meant to be used for tracking users.

Sure, custom fonts weren’t intended to provide this “feature” ( I use that term loosely ), but that is the essence of a neat hack ( in the old school traditional use of the word ). From a purely technical point view, it is impressive to see someone come up with a method to use an existing system in a way the original creators not only never intended, but never even imagined.

While part of me is impressed with the clever hack, over all, as a user, as a person, I find it tiring. This is yet one more thing to deal with. Each one by themselves is relatively small, but the sum of them together is awful. Death by a thousand paper cuts.

Apple has been trying to put a hard line on what they will and won’t allow, leaning on the side of making it possible for users to have some privacy controls. A good example of this is the Webkit Tracking Prevention Policy. That in turn has contributed to Firefox and Chrome taking action to do more regarding privacy options. None of them are perfect, but each are a definite course change from what we’ve seen in the last few decades.

A clever developer figured out how to exploit fonts, and Apple and others will respond by making that harder. Expect this to be an ongoing circle.

We are in the middle of a privacy arms race.

2 replies on “A Privacy Arms Race”

Unfortunately, most of the economic incentives on the web right now are pointing into one direction: eroding privacy.
There are multiple paths:
– by knowing more of our users, we can provide them with more targeted ad which will convert better
– by knowing more of our users, we can provide them with content which will “steal: more of their attention…

It’s a complete shift that we need, one where users don’t have to expose anything about themselves, while yet be able to “pay” for the work that creators provide.

This is the kind of things that we’ve been trying to tackle at Unlock.

Agreed that we have strong economic incentives that push the “more tracking approach”, more often than not. I’d be thrilled to see a successful alternative.

Leave a Reply

Your email address will not be published. Required fields are marked *