C is for Cookie

I was surprised at Amazon's Paypages initiative. Not so much as at the ideas behind it -- I'm all for micropayments, and Amazon clearly already had the infrastructure with zShops -- as at the way they chose to create payboxes. In particular, it stunned me that they were willing to let other users put images on their sites that would greet visitors by name. That they would then let people customize the boxes with any text they wanted came as no less a surprise. Phrased in the right way, the privacy implications sort of jump right out at you.

Amazon has, it turns out, implemented their cookies in a reasonably (for cookies, that is) non-invasive way. They don't know the exact URL tht you hit: the only information they get is that you're looking at a page I created. Given that they're trying to match interests, rather than target third-party advertising, this is reasonable. More importantly, they don't share this information with me. There's no way for me to get at the information from their database.

[Digression on the security issues. Ordinarily, web pages can only talk to objects on the same "domain" as themselves. The Laboratorium is a domain (as in "domain name"); so is Amazon. Exceptions are made for images -- thus, I can serve up, as part of my page, an image that comes from one of Amazon's server. However, there is no way for any script that I write in my web page to access the actual contents of that image. All I can get at is the URL you loaded it from -- but I knew that much already, since I wrote it into the source of my page. The image's details -- including your name -- remain a matter strictly between you, your browser's rendering engine, and Amazon.]

That said, the only significant difference between me and Amazon in terms of privacy is that Amazon has a much bigger and more comprehensive customer information database. To illustrate the point that the Laboratorium could have, should it so desire, as rich a privacy-invading infrastucture as Amazon, that little text box on the left will store your data from session to session. Type something in there and navigate away. Hell, type something in there and turn your computer off. When you come back, so will it. Think of that as your name, email, and credit card number, imagine similar little "boxes" hidden in every web page you visit (invisible to you, often) and recording every page you see, and imagine the consequences. [Tested under IE 5 and nothing else.]

Okay? Well, there are lots of companies out there doing exactly that Doubleclick is the most famous, but not the only one. They're tracking your surfing; they're correlating your data from one visit to the next. We've all known this intellectually for a while. It's just that Amazon's payboxes make this state of affairs a lot more explicit than Doubleclick's banner ads did, because it's staring you right in the face that someone out there knows who you are and what you're up to

Amazon's experiment is also an amazing test case because Amazon does give you things of real for giving up some of your privacy. Those recommendations and similar items their site offers you? Culled from their database of your transactions? The convenience of one-click ordering? It works because they know who you are, where you live, and how good your credit is, all from that single click. The fact is that Amazon is more convenient for micropayments now than any other solution out there. This is privacy intrusion done right: it's opt-in, since they know nothing until you tell them, there's no leaking of data, since they don't let third parties see the cookies, and they really do make your online shopping experience simpler by leveraging the cookies.

This is it. It's decision time out on the electronic frontier. Are you comfortable with the web as a place where everybody knows your name? Say "yes," and the web's a small town: the shopkeepers wave to you as you walk past, your neighbors are always there with a friendly word, and the sheriff knows where you were, late last night. Say "no," and the web's a big city: a slightly colder place, where nobody quite seems to recognize you, but also where you can escape the prying eyes and constant whispers. What's it to be?