WhiteHouse.gov: Moving the Cookie Forward
March 3rd, 2009 by Alissa Cooper
Over on CNET, Chris Soghoian has helpfully pointed out some new developments in the way that both WhiteHouse.gov and YouTube are delivering online video. Here’s a quick summary of recent changes:
• The most recent batch of videos posted on WhiteHouse.gov do not use an embedded YouTube video player. Instead, the White House is using its own embedded Flash video player and apparently leveraging the Akamai content delivery network to serve videos. No persistent cookies are involved.
• The WhiteHouse.gov privacy policy has been updated. Instead of singling out YouTube as its video provider, it now addresses persistent cookies used by “some third party providers� for statistical purposes. This is probably a good move if the White House is working with more than one third party service provider, but it would be nice to know which private companies the White House is working with (non-government sites like USA Today have been disclosing this kind of information for some time now]).
• YouTube now offers the choice of embedding any video on another site with “delayed cookies.” Using this option means that an embedded video player will not set a persistent cookie on the video viewer’s computer until the viewer actually clicks on the YouTube video player. This is essentially equivalent to the cookie functionality that the White House had been using with embedded YouTube videos and that the Electronic Frontier Foundation had introduced with its MyTube tool, but now anyone embedding a video on any site can take advantage of this fix with a simple click of the mouse on YouTube.com.
• Existing YouTube videos on WhiteHouse.gov (like the inaugural address now appear with a “Privacy info� link in the lower right hand corner of the video player. It’s unclear how widespread this change may be – webmasters of several other .gov sites noticed this change as well, although in our quick review we haven’t seen the “Privacy info� link outside of WhiteHouse.gov. Although there’s no clear federal guidance on the issue of prominent privacy notices, we like the idea of the prominent privacy link. Like “delayed cookies,� it may even be a feature that non-governmental YouTube users would appreciate.
So what does this all mean? At a high level, it’s exciting to see both the public and private sectors innovating to promote the goals of privacy and open government. In just its first six weeks, the White House seems to be keen on creating new ways for consumers to explore its content offerings in a privacy protective way, and we hope that trend continues as the offerings expand. Meanwhile, YouTube appears to be motivated by the White House’s interest in protecting privacy, and the payoff is already trickling out onto commercial Web sites. Let’s hope both trends continue.
This entry was posted on Tuesday, March 3rd, 2009 at 10:35 am and is filed under CDT, Open Government. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
March 5th, 2009 at 12:44 pm
I agree it’s good to see the White House putting pressure on YouTube (and hopefully other organizations) to actually try to respect privacy. The problem with most privacy policies is less what’s in them, but the fact that no one reads them. And even if they did read them, most people couldn’t understand them without a lawyer present. According to CIO-Today reported web users believe brands they trust will keep their information secret, regardless of what the privacy policy says – basically by naming it a privacy policy, people assume their information will be kept private.
What I find missing in all this is what did the YouTube cookie do that we’re so against? The cookie seems to say nothing except what basic web analytics already track such as IP address, browser, OS, etc. Is it simply the lack of an opt-in – that the YouTube video tracks anyone who loads a page, not just watches the video? How will this information be used any differently than basic web analytics?
I recognize there’s a slippery slope if we let tracking for tracking’s sake take over, but privacy for privacy sake doesn’t always have to be the default option. Let’s address actual privacy issues, like the public not understand how much information a website already gets on them. My friends don’t realize I can tell if they visit my website, where they go, how long they stay, and if they’re using Firefox like I tell them to. They’re shocked about this. But while people say privacy is important, when given the opportunity, people often give it up, giving out information for chocolate or pens (as two studies showed).
Sometimes, web analytic information helps companies make a better website. We know which pages are popular, who is sending links, and where people are coming from. YouTube and WhiteHouse.gov get the same information to make better videos/websites.
Opt-in systems are better, but as I said, no one reads or understands privacy policies. We trust brands. As long as brands don’t violate our trust with the information they already have, we’ll keep visiting them, giving them more and more information. It is not opt-in. It is about oversight and trust.