If you make a product designed to help people protect their privacy, a shout-out from Edward Snowden is marketing gold. That’s what happened recently for the makers of Ghostery, a free Web browser plugin that shows users which companies are tracking their online habits. The tool, which lists third-party firms collecting data in a small pop-up, has quietly amassed 20 million users worldwide – and now we know the world’s most famous leaker is among them. During Snowden’s remote appearance, he recommended three tools for listeners who were worried about their privacy, including Ghostery.
Andy Kahl, senior product strategist for Ghostery, swears he had no idea Snowden was a fan before he mentioned the firm during his remote appearance at the South by Southwest festival, Snowden’s first public appearance since blowing the whistle on the NSA.
In fact, Kahl says he was kidding before Snowden’s talk about how they might use the appearance for marketing purposes.
“I was making a joke that if Snowden were to sneeze and that sneeze sounded like Ghostery, we could get some mileage out of that,” Kahl said. He’s been on the phone with journalists and sifting through speaking invitations ever since.
Snowden’s mention of Ghostery was a bit curious, as the product really has nothing to do with government surveillance, but rather corporate data collection for marketing purposes. In fact, at one point during the appearance, Snowden and co-panelist Chris Soghoian raised a distinction that causes a bit of a split among privacy advocates: Which is the bigger problem, government or corporate invasions of privacy? Soghoian and Snowden said they were both far more worried about government intrusions, but Kahl thinks there it isn’t quite an either/or question. We discussed this and many other privacy issues in a recent chat. For a privacy technologist, his views are surprisingly non-paranoid.
Governments can deny people rights, but that’s rare. Companies can and do track millions of people. Which is worse in your eyes?
I don’t know that there’s a ton of value saying one is worse than the other. … If you want to argue from a civil liberties standpoint, it’s important for everyone, that’s more important, and I want to guard those rights for all of you forever. It’s clearly more tedious by comparison, the uses of data that, say, a data broker has. But that stuff can be more practical and more sensitive to your average person. I don’t think the two are at odds with one another.
Has the Snowden incident helped you make the case for more interest in privacy in general?
Most definitely. We called this “The Summer of Snowden” last year. Every conversation we had has some callback to Snowden. Any time something that creates a mainstream conversation out of this issue that would otherwise be reserved for niche professionals, that’s great. I’ve got to say I’ve had more to say at cocktail conversations in the past year than any time in my life.
So what is the problem with, say, a pizza shop knowing what my favorite kind of pizza is?
That’s not a problem. You are about to tell them what kind of pizza you want when you walk in, so what if they know? If every day you go to a pizza shop and get a pepperoni and sausage pizza, the guy at the place will say, ‘Hey, it’s Bob. He wants pepperoni and sausage.” The problem is not sharing the data. The problem is how does he come by that information? That’s the scenario most people understand. Does a health insurance company also know that data? I’m perfectly willing to share my information as long as it’s clear who gets it and how it’s used. You don’t have to have a black and white reaction to sharing data.
So how come no one knows all the companies that have their personal data?
That’s part of the opaque nature of the marketing business, an unfortunate scenario. Part of what we are trying to do with Ghostery is give you the opportunity to dig into which companies know about you. We are all about transparency.
I installed the plugin and now a popup tells me that at nearly every website, 10 or 20 companies are tracking my clicks. How many companies are tracking me?
We have 1,800 companies in our database.
It’s a little overwhelming to see the list. What am I supposed to do with that information?
If you start to see the same company over and over again, you can click and try to learn more about them. You can also block them, but we don’t block companies by default. That might cause some websites to not work properly.
Do people who install the product tend to block everything?
We try to lead people to a more nuanced understanding…there is a trade-off. People who use our product in a more involved way start by blocking everything and then they fine-tune those controls.
Your product is free. And it seems that many companies might not like what you do. How do you make money?
We allow users to share (their blocking preferences) with us. Then we sell it back to site owners to help with their relationships with third-party tools. But you opt in to do that, and it’s anonymous.
You must have a lot of interesting data on what things people block.
I don’t have real deep insights because a lot of our data is anonymized … but I do know that about half the people who block sites are doing it selectively, not just blocking everything, and that’s where I’d say our message is getting through.
Outside the U.S., where else is your product popular?
About 40% of our users come from Europe. Germany is second to the U.S. We also have a ton of users in Denmark, where people care a lot about privacy issues.
Where does the name Ghostery come from?
It’s a reference to the idea that there are things happening that you cannot see…
You sound more open to data sharing than some privacy experts. Why is that?
There is this notion of being very afraid of the future, where our identities are quantified. People often reference the scene in The Minority Report, where Tom Cruise is trying to evade capture, and holographic ads that know his name are blasted over and over. People point to that as scary. But the problem is not that the advertiser knows who he is, the problem is that he’s not being afforded due process.
Wait, our identities are going to be quantified?
Yes. Some folks are fighting a tide and I don’t see success in fighting that. It’s happening. So let’s start talking about how to do that in responsible ways. So just by signing your name and giving someone your information you haven’t lost control.
You do not sound paranoid. That’s strange for someone who works in privacy.
Yes (laughing). I’ve had to turn in my tinfoil hat. I’m trying to be a realist about the way our world and our culture will evolve. In my mind, I can be an advocate for transparency and a realist about the quantified world. I choose to believe there’s a middle ground and not just throw my hands up in the air and give up.
More on Identity Theft:
- Identity Theft: What You Need to Know
- How Do I Dispute an Error on My Credit Report?
- 3 Dumb Things You Can Do With Email
- The Risks You Face From Identity Theft
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?
- How Credit Impacts Your Day-to-Day Life