Your browser history as Attention data?

Have you thought of your browser history as attention data? I have some thoughts on this. Not all good.

Two companies are thinking this way.  Tailrank is one. You can go to this Import page and give the site permission to look at your browser history for blogs you've visited and make browsing recommendations based on that data.

The other is company is Brightcove, Jemery Allaire's online video start up. In this post it mentions that a forthcoming release will "prebuild the recommendations from your browser history using some crazy AI kung-fu.". (Update - apparently this Brightcove post was an April fools joke. It got me....but as you can see - entirely plausable....)

Your browser history as attention data?

There is good, bad and ugly in this....

The Good

In Tailrank's case, you need to give the site explicit permission for it to trawl you browser history. That's a good thing.

Your browsing history is valuable. Very valuable. Cool stuff can be done with it.

But giving up your browser history isn't just a case of having a cookie placed so it can track your behavior on the cookie issuing site. We're talking about all your browsing history (i.e. the urls you've visited down to individual page level) across all sites.  If the value proposition is right, this sounds like a good deal - I give you my browser history and you provide personalized content / recommendations. This may be appealing to some, but not me.

The Bad

The implicit bug in the 'reading the browser history' approach is the realization (for me at least) that a malicious site could do something you don't want it to do - i.e. look at your entire browser history (up to when you last deleted it).  Why does this matter? Well, apart from the privacy invasion, there are real security concerns here. 

Before I go further, I need to point out that you need to give explicit permission for the Tailrank site to be able to look at your browser history under default security settings of most browsers. You can't just land on a page for a site to look at your browser history. You need to click on something that gives the site permission to look. This is true for IE and Firefox.  I tested Tailranks 'Auto-Configure' implementation (uses javascript). In IE at 'Medium' security, after I click the 'Auto'Configure' button Tailrank chugs away and trawls just fine. At 'High' security setting IE, Tailrank barfs - the javascript is disabled.

The problem is that you can be fooled by malicious sites into giving this permission. You could be fooled into clicking a link or button that doesn't do what is says it's going to do and does something else instead. That's bad.

And The Ugly

What's the worse that can happen?

All Your Browing History Are Belong To Us.

Well, apart from the privacy invasion (your search history can be determined by the urls in your browser history), there are all sorts of nasty things that can go on.

One example is the fact that some sites are designed with appalling security - explicit storage of usernames and passwords in the url is not unknown. Nasty. If you happen to use the same username and password across multiple sites, then the malicious can try out the unencrypted usernames and passwords on other more secure sites (that listed in your browser history) potentially yielding some very bountiful results. Nasty, nasty.

In Attention Data We Trust

The attention landscape is and will be full of privacy concerns - there is an ongoing balancing act between potential abuse of the data 'submitted' and the potential benefits in providing that data.

At the end of the day, it is down to individual risk assessment. As a 'customer' you need asses whether you can trust the site to provide you with more relevant experience based on your attention data and do so in a safe manner.

The browser history case is the one of the more poignant examples in this regard. We're not even talking about malicious sites here. You not only need to trust the site owners in terms of proper use of the data that is collected (their privacy policy and its adherence) but also trust their staff's competency in securing their infrastructure - if the data store that holds your data is not properly secured with proper physical security, rigorous policy and processes then you risk saying bye bye to your data (a la Mastercard).


My Attention writings


Tags: attention security trust mydata