Last week, the FTC issued the final version of its “set of proposed principles to guide the development of self-regulation in this evolving area” with its top recommendation to be more transparent and provide users with exactly what information was collected about them, as well as ways to bypass data tracking.

“Industry needs to do a better job of meaningful, rigorous self-regulation or it will certainly invite legislation by Congress and a more regulatory approach by our commission,” Commissioner Jon Leibowitz wrote in a statement released with the report. “Put simply, this could be the last clear chance to show that self-regulation can — and will — effectively protect consumers’ privacy in a dynamic online marketplace.”

Meanwhile, privacy groups still maintain that these proposed principles are not quite enough:

“They’re punting this back to the online advertising industry, when they should have put their foot down and set some minimum rules,” said Jeff Chester, president and founder of the Center for Digital Democracy. “Simply asking the industry to be more responsive doesn’t get to the heart of the threat to privacy.”

While these principles are unlikely to result in any drastic changes in online data tracking procedures, the dissemination of such ideas is a step in the right direction. What’s needed here is a way for relevant advertising and user privacy to work together.

“This is about advertising, so these people ought to be creative,” said Eileen Harrington, acting director of the commission’s bureau of consumer protection. “We know advertisers can get their messages across when they want to. They darn better want to get this message across: ‘This is what we are collecting and this is how we are using it.”

Amen to that.

Ixquick, a Dutch search engine made it into the (unofficial) record books on Wednesday. The “World’s Most Private Search Engine” has become the first to function without retaining the user Internet Protocol (IP) address in order to increase user privacy protections that it has emphasized since its launch in 2006.

“At Ixquick we feel people have a fundamental right to privacy,” said Ixquick chief executive Robert Beens. “Using a search engine is sharing your innermost secrets and habits which should be safe. Ixquick has the best privacy policy of the search industry. Today it has become even better.”

Timed to coincide with Data Privacy Day on a few days ago, Ixquick will go from retaining the user IP address, which designates the Internet connection used, for 48 hours to eliminating retention all together. Coupled with ISPs tracking behavioral data online, the IP address allows easy user identification and runs into problems amongst privacy advocates.

“The technical need to store IP addresses for 48 hours – blocking automated use of Ixquick’s servers – has been overcome by recent technological developments,” said an Ixquick statement.

The closest any US search engine has come to lowering data retention periods is Yahoo! with a period of three months. Talk about a breath of fresh air. We’re curious to see if the news elicits any similar moves in the US.

From Our Own Backyard to Overseas, Behavioral Tracking Finds a Home

Perhaps the biggest issue of 2008 was the rampant move toward behavioral targeting by ISPs. While this issue seen action from established companies like Tacoda and Revenue Science for years — NebuAd, Phorm and other companies new to the scene stirred up controversy.

The fire sparked in June when Charter Communications, one of the largest providers of cable-based broadband service in the U.S., “backed off of a plan to insert advertisements onto Web pages — using a company called NebuAd — based on its users’ Web-surfing habits after privacy advocates called the program an ‘attack on users.’ This was only the beginning of the blaze.

Congress got word of this controversial functionality and called out NebuAd to change its privacy notification features to allow customers to opt-in voluntarily rather than have to opt-out of the service (Around the same time, AT&T, Time Warner Cable and Verizon all agreed to get the permission of users before performing behavioral ad tracking in the future). To make a long story short, NebuAd essentially shut down on American grounds — even the CEO stepped down following congressional scrutiny. However, this has not stopped the behavioral technology overseas.

Last month, Phorm, a company that offers the technology similar to NebuAd, ended its trials with ISP British Telecom (BT) and planned beginning steps to roll out the technology across the entire network. NebuAd is following suit and hopes to get the ball rolling again on foreign soil. However, it still has loose ends to tie up in the US, particularly a lawsuit filed by 15 angry Web users against the ad targeting enterprise and the six ISPs that utilized the company’s technology without user consent.

In Other News…

Privacy Cops didn’t limit the discussion to just behavioral targeting but pushed to include all thoughts about privacy, and even had some news of our own to announce.

• Throughout 2008, Yahoo, Google and Microsoft competed to lower their data retention periods and we’re hoping the trend continues to no retention whatsoever. Yahoo’s most recent announcement to only hold data for 90 days trumped Google’s September promise to hold it for six months, and Microsoft said it would match Yahoo’s three month period if the other two giants did so as well.
• Google Street View was another ongoing story we covered as it continued its trip around the world, opening in New Zealand, France and other countries. Still, many countries are vehemently opposed to the technology, namely Japan and this Germany town. We’ll see how much footage the Google cars can capture in 2009.
In Australia, a colossal infringement on privacy rights was announced in October. Australia became the first democratic nation to filter Internet content via deep packet inspection (DPI). Under the government’s $125.8 million Plan for Cyber-Safety, it was announced that Australians would not be able to opt-out of the censorship but rather have the option to chose between two blacklists: one that blocks content inappropriate for children, and one that blocks illegal material. Preliminary trials showed that even the best Internet content filters would block approximately 10,000 pages (out of one million) incorrectly.
One of our biggest accomplishments in 2008 was to announce the configuration of our new security product, Hotspot Shield for iPhone. Hotspot Shield was the first free security iPhone application to keep Internet sessions 100% secure and anonymous, and our iPhone application is just another platform to extend our participation into the mobile security conversation (which we believe will become a hot topic in 2009).

So What’s Next for 2009?

Our hope is that 2009 brings a sense of urgency to the realm of consumer privacy online. Moreover, we would like to see Internet users valued for the information they provide to third-party companies and ultimately, advertisers. Based on developments already making headlines, we expect a wild ride this year in the privacy world.

Phorm is already researching using financial incentives to encourage users to sign up to its ad-targeting technology. Consumer advocacy groups are on the horn scrutinizing Google’s mobile advertising practices that may violate children, adolescent and other consumer privacy laws. Additionally, four groups representing ad networks, portals, publishers, ISPs, and ad agencies have joined forces to convince Congress that the industry is capable of policing itself rather than have government step in and regulate behavioral targeting.

We’re only two weeks into 2009 and battles are beginning. We’ll continue to provide you commentary on the action every step of the way.

Edward J. Markey (D-Mass), the chairman of the House Subcommittee on Telecommunications and the Internet and a founding member of the Congressional Privacy Caucus, responded positively to Yahoo’s move and its implications on the competition. He stated: “Yahoo voluntarily sets a new standard for privacy protection, a standard against which Microsoft, Google and others will now be compared. Privacy is a cornerstone of freedom and I applaud Yahoo’s announcement for recognizing that consumers deserve ample privacy protections in the digital era to ensure trust and freedom on the Internet.”

While we are on the same page as Markey with advocating privacy protection online, shorter data retention limits are hardly enough to provide user privacy online. Unless the practice of tracking and storing user data is completely eradicated from the industry, Google, Microsoft and Yahoo are only a handful of companies that will continue to collect and store personal information without user knowledge. Users are powerless to control what is seen and what is not; this practice is unacceptable.

Yes, Google did took the first step in limiting storage periods when it halved the time it stored user data from 18 to nine months earlier this year. Yes, Microsoft announced earlier this month that it would cut its retention time to six months if its competitors did the same, and now Yahoo is promising a similar plan. However, even Yahoo’s plan to scramble the IP addresses by deleting the last eight bits is drawing criticism from privacy pundits on its inadequacy to provide full anonymization.

While shortening data retention periods and deleting IP addresses look good on paper, more stringent rules need to be enforced to put the user in command of their information. Keeping the data for months at a time does not provide any control to the user. Furthermore, as long as the company executives make the decisions on how long to keep information about what an individual does online or what to do with that information, progress cannot be made.

That said, the developing trend here is promising: Google’s nine months of data retention led to Microsoft’s predicted six, and now Yahoo just announced its plan to only hold data for three months. While we’re not mathematicians at AnchorFree, let’s hope the current pattern continues, and the next jump is to zero — meaning the practice is eliminated entirely; that is the only way to put control back in the hands of users and out of the hands of unscrupulous executives looking to leverage the data.

In the meantime, AnchorFree does offer a free consumer Virtual Private Network (VPN) called Hotspot Shield that provides full anonymity to consumers on the Web. The download puts users back in the driver’s seat to browse free of fear of data storage and tracking. Check it out here.

Today, news broke that Phorm has ended its behavioral targeting trials with ISP British Telecom, which means that the controversial service will now be rolled out across the entire network.

An investor update distributed by Phorm this morning said the trial had “achieved its primary objective of testing all the elements necessary for a larger deployment”. Started in late September, the Phorm trials have been highly controversial, but a BT confirmed their success and stated that the ISP “expects to move towards deployment” by mid-next year.

That’s not all, folks. In addition to making plans to open a number of “exploratory offices” in other countries, Phorm is being tested by the ISPss Virgin Media and TalkTalk. Should these U.K. ISPs agree to deploy Phorm, the service will effectively cover most UK broadband subscribers.

We came across this great video from the U.K. show, Real Hustle that gives a really good demo of how this type of hacking called sidejacking takes place. Take a look at the clip below — and remember that you can easily avert this threat by securing your laptop with Hotspot Shield.

Why you should protect your wireless network with WPA (The Real Hustle, UK TV Show)

This proposal is ridiculous on several different levels. As Eric Schonfeld of TechCrunch points out, it’s an non-starter from a technology point of view:

1. The FCC has a hard enough time figuring out what is decent and what is not on 500 channels. It is not equipped to police decency on billions of Websites, even if it relies on automated filters to do most of the work.

2. The rule would apply to only one sliver of spectrum, the AWS-3 band, which nobody really uses yet. It would be like banning porn on fiber-optic IPTV, but not doing anything about it on satellite or cable. If children watching porn is the problem, this will do nothing to stop it.

3. Porn filtering aside, requiring winners of the AWS-3 spectrum auction to give up a quarter of the airwaves they win to set up a free slower-tier wireless Internet service will certainly make those airwaves worth less to any potential bidders. Worse, it could drive away the best potential bidders who might decide it is just not worth their effort or capital.

But, tech reasons aside, Martin’s proposal is plain old censorship. It’s hard to understate the importance of content on the Web being unfiltered and unregulated by the government, beyond criminal laws. Censorship, as they say, is a slippery slope, and as Schonfeld pointed out, it’s virtually impossible to decide what is obscene, let alone police the Web for obscenity.

Secondly, it’s not the federal government’s job to provide free Web access. Internet users can already easily find free, or virtually free Web access through services like AnchorFree or Meraki, and in most major cities, you can find access through open networks on any street corner. With municipal wi-fi proposals having a hard time getting off the ground, it’s tough to see how a federal plan with so many complications could get any support.

All discussion of the controversial behavioral advertising system was simply removed last week in order to “ensure that the forums remain constructive.”

While the legitimacy of behavioral targeting is still up for debate, BT’s move to banish all customer feedback on the topic seems unjust and ultimately unwise.

Like it or not, we’ve entered into an age of open communication online. To silence customer objections in the face of skepticism and fear only makes it look like BT has something to hide.

Starting today, you can now configure Hotspot Shield for the iPhone available at http://hotspotshield.com/clientless/iphone. Hotspot Shield is already used by more than 13 million people worldwide to keep anonymous and secure while on the Internet via a desktop or laptop computer, and now iPhone users can enjoy the same benefits of Hotspot Shield via their mobile device. Plus, unlike its computer version, the iPhone Hotspot Shield is ad-free.

With mobile phones becoming more like handheld computers with confidential information being exchanged via mobile devices, we felt it was of the utmost importance to ensure a safe exchange of all data and documents on the go. Hotspot Shield is the only free security iPhone application that keeps Internet sessions 100% secure and anonymous.

We’re proud of our continued efforts to provides consumers with the tools to surf the Web free from fears of hackers, ID theft, and behavioral tracking, and our iPhone application is just another platform to extend our participation into the mobile security conversation.

We hope you’ll give the iPhone application a try. (Don’t worry Blackberry and Treo users, we’re well on our way to making a Hotspot Shield version for you, too.) Let us know what you think of our new offering!