I just started reading Shoshana Zuboff’s The Age of Surveillance Capitalism, and today I just happened to open Instapaper to the last thing I was reading from the web, 12 Million Phones, One Dataset. Both long overdue; Zuboff’s book has been sitting on the shelf for nearly a year because honestly, a 700 page hardcover is hard to commit to for me.
(Though I’m one of those people who has actually read Infinite Jest and recommends it as if it’s any other recommendation of a great book, I definitely thought the kids in school who were reading It, War and Peace, or Atlas Shrugged obviously did it to show off they read big books.)
I’m not a developer or a website designer, but I just realized now that even though in my job I work hard to emphasize safe data handling, the risks of interpretation, and the problem of bias, and I think about and pay attention to things related to user and citizen privacy, I haven’t really considered my websites.
Like a first time homeowner might show up at a hardware store and not know what kind spackle they need, I have no idea what’s in the materials and providers I used to create them (WordPress, Themegrill, Dreamhost, Porkbun, Mailchimp) and what that entails. And I did even download GDPR boilerplate (it’s oddly official to to download files from the official website of the European Union!) I stopped short of thinking more about website privacy policies, cookies and the like because it’s complex and not obvious and will take some research.
Do I need to consult a lawyer? If I promise not to sell the email addresses of people who subscribe to my blog, or spam anyone, or ever the sell the data of any visitor to my sites, is there a way I have to do it to make it “really” legal, or actions I have to take to make sure I’m not accidentally responsible for something because I used a particular word on a particular page? I wanted to get started as quickly as possible and be able to commit to at least this blog and worry about all the webmaster stuff later.
That’s not quite responsible. The NYT article is pretty shocking in the sense that they make the customer journey of location tracking data quite literal, and not only do I want to make people feel like I’m not doing that, I would like to be able to discuss the details of how I’m not conclusively.
So here’s my New Year’s Resolution. I’m going to start with a promise, and commit to doing work that will take some time and thought because I don’t know what the work is yet, just that it has to be done.
I promise that I, Damien Dabrowski, will not sell, share, distribute or otherwise make available to anyone but me any data of or about this blog and my website’s user. While the spirit of this is of critical importance, I will do my best to ensure that no product or service I use to share my work or build my site does either. Finally, I will only use it for proper function of my site, and only if the function critically depends on it.
Here’s the weird part about that though: One of the projects I’m planning on is to understand what is common and typical for analytics in the industry I work in, broadly consumer software and digital products. To do that, I clicked “Agree” on a bunch of stuff that came prepackaged and easily available from my webhost and CMS provider, including integrations with Google Analytics, SSL certificate providers, anti-malware and botnet stuff… honestly, I don’t even know what it all is yet. That knowing’s important work to do if I have a site.
So I’m still going to do that, but the instant my research is complete and/or I learn that suite of stuff does anything that contradicts me here, it’s gone. Promise.
And when I’m wrong or it’s complicated, I’ll talk about it here!