Fellow PhD student Alice Marwick blogs about TechCrunch’s coverage of ClickTale, the latest in website surveillance tools:
ClickTale shows you the full story: every mouse movement, every click and every scrolling action. By using ClickTale you will gain insights that will improve your website’s usability, enhance navigation, and increase effectiveness.
Webmasters can add a small piece of javascript code to their web pages which collects browsing data of all their visitors and transmits it to the ClickTale servers for processing & reporting.
ClickTale does not have a privacy policy, but does offer this nugget in their FAQ:
How is user’s privacy affected?
ClickTale provides detailed information about users’ browsing behavior, so that usability of websites can be improved. ClickTale does not record any activity outside of the specific web page or outside the browser (no personal files recorded, no internet history, and no interactions with locally installed software). Also, ClickTale does not track users between websites. Inside the browser, no passwords are recorded.
Rose-colored glasses, eh? No mention about what the folks at ClickTale do with the data themselves (it all is stored on their servers, afterall). No mention of whether users actually consent to such monitoring, or if they can do anything to prevent it.
In the comments of the TechCrunch post, a representative of ClickTale makes this remark in reaction to others’ privacy concerns:
LOL. You might be surprised but most of the users are not concerned by this like you do. This is a personal preference and we respect that. There is an option to install a cookie that will disable the service for you (more on this in our soon to be released privacy policy), or you can use whatever tools that you are familiar with if you don’t like cookies.
That’s real nice. Not only does ClickTale not have a privacy policy (“soon to be released”), they find privacy concerns laughable and a minority position. According to their moral compass, protecting one’s privacy is the burden of user, who must install a special web cookie or some other technical tool to block the service (which, of course, assumes they actually know the tracking service is in place).
I concur fully with Alice’s assessment:
Again, privacy is reduced to a boutique concern of a small number of users. This is unbelievably irresponsible and I have no problem calling ClickTale out on that. There are plenty of ways they could require informed consent from users, but they know that marketers far prefer users not to know about tracking, because users will then opt out. These types of technologies should not be opt-out in the first place, and I am curious how this will fly in the EU where privacy rights are more strict than they are in the United States (which has some of the weakest privacy rights in the world).
…The argument “privacy is dead anyway” is a straw man. Privacy rights have diminished greatly in the United States because people don’t know that most privacy violations are going on, people don’t know what their rights are, and because the government has not legislated any sort of privacy protections. If these things changed, we could have a greater expectation of privacy. To say “there’s nothing we can do” ignores the fact that we are going to see more technologies like this which are increasingly intrusive and problematic.
My solution would be legislative, since neither marketers nor technology companies seem to be able to follow an internal code of ethics. Similar to anti-spam laws, technologies which track user data should a) notify the user and b) require consent to proceed. I also believe that tracking cookies (like DoubleClick) violate privacy, and this type of requirement would cover those as well.
MichaelZimmer.org 
2 comments