Just in case you missed all of the commotion this summer, WebRTC was placed right at the center of an interesting privacy problem as a result of its use by the venerable New York Times on its Nytimes.com website to track the private IP address of visitors. While NYT apparently is not using the information gathered for nefarious purposes, unless you consider building better visitor profiles for marketing reasons nefarious, there are two obvious problems here.
First, at a high level here in the U.S., NYT is obtaining private information without user consent. It has been able to do so by exploiting the fact that WebRTC enables supported websites to read the private IP addresses of visitors. In fact, this capability in WebRTC allows for circumvention of tools designed to actually block precisely this activity.
Second, as if the first was not bad enough, as numerous comments were quick to point out and post, such practices happen to be a violation of European Union law. Specifically, given how popular WebRTC has become in Europe, the language everyone needs to be aware of is:
“The use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller.”
All of this relates back to the huge raison d'etre for big data and sophisticated analytics. In a world where buyers now have more access to better information and options, sellers want to have as complete a user profile as possible to make their marketing campaigns both more efficient and in theory more effective. After several decades of it first being postulated by famous futurist Alvin Toffler, we are getting ever closer to what he described as the effective targeting of “The Market of One.” And key to that targeting obviously is IP address information as it is the breadcrumbs we leave that enables sellers to build more context-rich profiles of all of us.
What the NYT revelation shines a light on is where to draw the line on what should be considered the acceptable practices for capturing our information and where consent should play a part. It is understandable that marketers hate the fact that public IP address exposure provides them less than perfect information about us, and that they recognize that asking for consent about exposing private IP addresses might lead to people not being pleased. However, as the release of the rules regarding robocalling in the U.S. by the Federal Communications Commission highlights, and which made direct marketers grumpy to say the least, we are heading toward a more permission-based interactive world.
In short, while there is great and growing enthusiasm for WebRTC, applications and service developments using the technology cannot and should not be done with a lack of recognition of their context in real use cases. WebRTC enables a lot of great things, but as with all technologies, it also enables activities or capabilities with a dark side. Let the NYT example serve as a warning.
Peter Bernstein is a senior writer/editor for TMCnet, the online entity of CUSTOMER’s parent company, TMC.
A Refresher on WebRTC
As Phil Edholm (News - Alert) wrote in the May issue of CUSTOMER, when WebRTC started back in 2012, it was perceived to be all about the browser. Most pundits and industry players talked about how WebRTC would enable communications without downloads by using the browser as the basis and WebRTC as the implementation. By using the WebRTC capability built into the browser and the HTML/HTML5 presentation as the visual for the application, the strategy was that WebRTC would replace the PC-based applications over time, while ushering in a new paradigm in communications.
While PC/desktop/laptop apps are still important, the rise of the mobile app has dramatically changed the marketplace. In fact, many users start with the mobile app and migrate to the PC/desktop/laptop app only when they are using that device and it is more convenient. This trend is being reflected in the way WebRTC is being adopted, and may be the clear trend in how WebRTC rolls out. Facebook (News - Alert) used the stack in its Messenger client, while Amazon Mayday used the stack as well.
Edited by Maurice Nagle