The revelation that ISP’s like Comcast are selling your clickstream data has got a little attention. My own notes were spotty, so it was great to see that David Henderson audio recordings of the entire conference, including the infamous talk with David Cancel of Compete.com.
If people were so outraged (and confused!) over AOL releasing users’ search information, I wonder when the furor will turn towards the ISPs who actively selling even more private information. (There’s no way to be angry with Compete, as they are simply buying what is available and doing valuable statistical analysis.)
Here are the juicy bits from that recording, referenced by time.
0:00
Seth: David, how big is the panel?
David: The panel is a little over 2 million people right now.
Seth: You’re watching the behavior of 2 million people?
David: 2 million people, correct.
2:40
Roger ???: I was curious; how much do ISP’s think their users’ data is worth?
David: I think it depends on the ISP. So, some folks think it’s worth a lot. If you’re getting a couple million folks, you know, in the millions of dollars…to license that, per year.
Seth: So the average ISP customer … So if I use Comcast … I’m worth 40 cents a month?
David: Uh-huh. Something like that. It depends on the ISP, some will charge a little bit more, closer to a dollar.
Seth: So for 40 cents, Comcast is selling what of mine? They are selling…my entire clickstream?
David: Your entire clickstream. So, and some user [???] that identifies you. So 123 is your user ID per the time that you’re a Comcast customer, and your entire clickstream.
Audience member: So that’s essentially the same [as the] AOL data, that there was a lot of furor over.
David: It’s beyond that.
Audience member: It’s way beyond that.
5:26
Audience member: How many people are they selling it too? [muffled]
David: Lots. 10, 12 folks are buying this kind of data that I know of. So and a million dollars plus from each of those. Starts to add up. It’s pure profit.
5:52
Seth: Is there any clearing house of data of how many times my Comcast clickstream is getting sold?
David: No.
Seth: You see, I thought it was bad where in the lead generation world where your mortgage lead gets sold 15 times. This is even worse, because you’re not filling out a form.
Esther: But they don’t bother you as much!
7:30
Audience memeber: Do you know if any government agencies are looking at this data? [muffled]
David: I don’t know. I mean, we’ve been contacted a long time ago…[crowd noise]
Esther: They are.
David: …similar experiments.
David: I’m sure they’re buying it, or have access to it as well.
Seth: They’re the ISP to the ISPs.
9:20
David: When I see some of the information that our client have on users, it seems a lot more scary to me than what you can gain from clickstream information. It might just be me, I might be numb to the clickstream information. But some of the credit card information that we know some people are capturing is a lot more scary…than some of the exhaust on the clickstream side.
10:30
David: We get clickstream information, basically like the history looks like in your browser. We don’t get the underlying information like what kind of videos have been played or rich elements. Although…it is available.
I think the difference is, in the case of AOL people understood what was sold. For the IPS people doesn’t understand what is a click stream and they don’t realize the importance of this information.
Stan,
I wanted to make a couple of clarifications to my talk at the Open Data Conference.
1. I did not mean to imply that Comcast is licensing clickstream data. I have no idea what their practices are. I took Seth’s Comcast example as a strictly hypothetical example. I apologize to everyone if that was confusing, I can see how it may have been now.
2. My “it’s beyond that” reply to the AOL question was meant to highlight that “clickstream” data in any form (access logs, etc) is much “wider” (breadth) than search query data.
3. I did not mean to imply there was some “market” price for clickstream data. Again I apologize for the confusion I may have caused, I should have spent more time qualifying my reply on pricing.
Thanks again,
David
I am absolutely outraged, but I guess that’s only for my being European. I simply can not understand how anyone with some common sense could get the idea the data I produce by surfing could possibly belong to the access provider. It’s probably containing more extremely private information and clues about me, my habits, my employer, my banks than my creditcard records or even my bankstatements. And Comcast puts me at risk by selling this FOR 40 CENTS?
In this country, everybody seems to be paranoid about terrorism and the power of government – which does virtually know nothing about each individual. Then again, for exactly that reason there’s a thing like “identity theft” which in countries with a decent policy of registration simply doesn’t exist. I feel a lot better about what the administration in my homeland Switzerland knows about me than what profit-oriented companies without any control whatsoever not only know about me, but just simply sell to whoever offers them money for it.
Looking forward to the class action when some clever lawyer finds the first few victims of identy theft who can prove it happened because of their clickstreams beeing sold.
Well if u don’t read the T&C’s when u sign up don’t be surprised if there is something in there u don’t like.
Most of them are nasty and bit like the software licence from Microsoft etc.. where it says u don’t own it, u just rent it and we can take it away at any time, also you absolve us from anything that might happen with the software including where it doesn’t work, has bugs, gives blue screen of death ….
u get the idea.
No not surprised with the comcast stuff as well.
If u really want 2 be “of no value 2 them” run an internal proxy (onion type) on your PC/internal network. Its easy (yah! right!)
Lal
In this country, everybody seems to be paranoid about terrorism and the power of government – which does virtually know nothing about each individual. Then again, for exactly that reason there’s a thing like “identity theft” which in countries with a decent policy of registration simply doesn’t exist.