One of the nice things about looking at the full scope of tech news for the day is that two stories that you otherwise wouldn’t think to connect end up playing off each other perfectly. So it was today with the following pieces of news.
First, Firefox is turning on a controversial new encryption methodology by default in the US. Second, Amazon is expanding its cashierless Go model into a full-blown grocery store.
Here’s where I see the connection: both are about companies tracking your activities in order to gather data they could monetize later. Let’s take them one by one, starting with Amazon.
You likely already know the story with Amazon Go stores: you can walk in and browse around, putting stuff in your cart as you like. Instead of checking out, you just leave. It all works because cameras track your every move and determine what you’ve picked up to charge you later. You can even pick something up, walk around the store with it, then put it back and leave and Amazon will figure that out. I know this because I’ve done it several times just to see.
Nick Statt visited Amazon’s new expansion of that concept and reported an excellent story about how it works as a full grocery store. He also interviewed executives on the details of how it’s all being positioned. Notably, this is an “Amazon Go” store and not just a Whole Foods. For Amazon, they’re two distinct retail models (for now).
That complexity inherent to the grocery market is why Amazon chose to brand its new store as a Go one, instead of choosing to bring its cashier-less Go model to an existing Whole Foods location. Amazon wants the freedom to sell people products from major brands they might find at a city bodega, a neighborhood CVS, or a Kroger store, and not just the organic and high-end ones Whole Foods sells today. That sets up Amazon to service a wider variety of customers: Go stores for the office lunch crowd, Go Grocery for the everyday residential shopper, and Whole Foods for the organic-minded and more affluent.
But as you are thinking about this whole model I suspect that Amazon’s go to market strategy isn’t top of mind. Instead, there’s either an alarm klaxon going off in your head or — at the very least — a quiet voice saying this: it seems super creepy for cameras to watch your every move as you walk around a store. The follow-up thought is that the convenience of not having to check out is perhaps not worth the tradeoff for the surveillance that’s happening inside these stores.
I hear the same alarm. But I also visited Amazon dot com this week and shopped for all sorts of things. If you think that the surveillance and data collection that happens at an Amazon Go retail location is creepy, well friend, it’s got nothing on what Amazon can glean from what happens on its website.
Keep that tension in your mind as we turn to Mozilla and Firefox. The core thing that Mozilla is doing is trying to encrypt DNS, which stands for Domain Name Service. When you visit a website like www.theverge.com, what you’re actually visiting is a much less descriptive series of numbers. DNS is the address lookup that tells your browser that the human-readable domain — theverge.com — is located at a particular IP address.
For most browsers, that address lookup isn’t encrypted, which means your internet service provider (or anybody else interested enough to snoop on it) could see what websites you’re visiting. Putting DNS behind a secure connection means that it’s less likely that snoops could see where you’re going.
The decision is controversial on a number of fronts. There’s the ever-present concern about protecting kids form predators, of course, but there’s also a large group of security experts who think it’s not actually all that effective.
On the whole, I think that Mozilla’s decision is fundamentally good, even with the above caveats. That’s because it shifts the Overton Window for privacy, just a bit. Whatever you think of its efficacy, the shift helps to change our default assumptions about privacy, Specifically, browsing should be fully private.
If you haven’t connected the DNS story with the Amazon story on your own, let me lay it out more explicitly.
I don’t think we’ve fully grappled with the idea that by default there’s not an expectation of privacy with what we do online. Think about it in other contexts: would you recoil at the idea of a company knowing what books you casually browsed at the library or bookstore? Probably you would, which is why the Amazon Go concept seems so squiggy (technical term).
"If tracking what you browse in a store or a library is weird, shouldn’t it be weird online too?"
Until we got on the web, our browsing habits were private by default. Now, they’re not.
For web browsing, I admit that there are contexts where trusted people like parents (or less trusted but still in power over your time, like the company you work for) might have a legitimate reason for gathering information on the websites you visit. But for the most part, what we choose to look at should be our business — whether that happens online, in a library, or in a grocery store. And yet the default assumption online is that certain companies get to gather and use that information.
Specifically your ISP, the company that provides your web browser, or even any company that manages to drop a cookie on a website you happen to visit can all gather data on your web browsing habits.
In a different world, one where we made different choices about how to construct and pay for the web in the early days, the online tradeoffs we’ve all agreed to would seem as bizarre as Amazon Go cameras tracking our every move in a grocery store. In this world, though, why have we accepted one online trade as normal while finding the trade of cameras in a store to be weird?
When it comes to the online world, Mozilla’s solution may not be perfect. But it seems like a step in the right direction to me. As do all the other changes that are coming to web browsers — even Google Chrome is coming around to reducing tracking, as I’ve written about before.
For the past twenty years at least, we’ve been living in a world where the default assumption is that it’s okay for companies to track our browsing habits because we get something in exchange. But if you’re squigged out by having your real-world store browsing habits tracked, sit with that feeling and ask yourself: should you feel differently about online browsing?
Lastly: a quick note that if you’ll be in Austin during SXSW, you can come see a live Vergecast with me, plus other panels and events with Nilay Patel, Ashley Carman, and Dani Deahl. A lot of it is happening at The Deep End, Vox Media’s space at the conference, which doesn’t require a conference pass. It may require a reservation, though, so RSVP here: https://voxmediaevents.com/sxsw.