Is A Picture Worth 1,000 Spams?
Every now and then, one of my friends will send me a link to an on-line photo album that they’ve created at one of the commercial photo-hosting sites. Unfortunately, I’ve never actually seen any of these photo albums because these sites all require you to “Create an Account” in order to view the album.
No thanks.
Here’s the thing: I understand that the website is providing a service (hosting photos), and that that service incurs costs for the website. I would be more than willing to pay a reasonable fee for that service, but no such “reasonable fee” exists. Let me explain. (And let me also explain that I’m not singly out any particular website, or even photo-hosting sites in general; it is any website that wants you to sign-up to get “low value” content).
Imagine for a moment that we had some form of micropayments or e-cash and that it was easy for people to buy and sell goods anonymously over the internet at large. Now I can decide what viewing a photo-album is worth to me, and what I think it should be worth to the hosting company. I might decide that it’s worth a dollar, or maybe twenty cents, or maybe five dollars; the exact value doesn’t matter. But I know what “spending a dollar” means, and I can relatively easily make the decision as to whether viewing those photos is worth $1 to me (and that the hoster deserves $1 for providing the service – note that even if I had infinite resources, I still wouldn’t want to be ripped off to the tune of hundreds of dollars just to see a couple of pictures).
But the currency of the internet isn’t cold hard cash, it’s PII (Personally Identifiable Information) – your name, e-mail, age, and anything else you are willing to cough up. There are two problems with this:
- I don’t know how much giving up my PII is going to cost me in the long run
- I don’t know how much my PII is worth to the website in the long run
Looking at the first point, I know what “spending a dollar” means. It’s going to cost me exactly one dollar. If I spend the dollar on the photos, I won’t be able to it on a cup of coffee or a movie ticket or the next Pet Shop Boys album, but I’ve got a couple of spare dollars lying around for those other things, so it’s no big deal. I spend the dollar exactly once, and ten minutes later I’ll probably have forgotten about it. I certainly won’t be caring about that dollar next week, next month, or ten years from now.
But you can’t say the same for PII. It only takes you a few minutes to type it in (which, depending on how you value your time, may already put you well over the $1 threshold -- especially if you actually read the Terms of Service and the Privacy Policy) but once you’ve given it up you can never get it back. Now you might start getting “promotional offers” from the site in your e-mail and possibly your postal mail. They might sell your PII to a third party who will send you even more “promotional offers”, and this could go on indefinitely. Five years from now, even though you’ve forgotten about ever visiting the web site, you could still be getting spam from a bunch of folks who have your PII.
But wait, there’s more! If the hosting site or its affiliates, agents, successors, blah blah blah ever get hacked (or they lose their backup tapes in the mail, or they fall off the back of a truck, or... I’m sure you’ve read all the stories), your PII may land in the hands of real criminals. Now it’s not just unwanted e-mail or flyers from “legitimate” advertisers that you have to worry about, it’s malicious or fraudulent e-mail that might lead to spyware infection, identity theft, or something even worse.
Is it really worth that to you?
And on to the second part; what’s it worth to the website? Again, you probably have some idea of what $1 means to a website (because it’s the same currency that you use), but it’s impossible to quantify what the value of your PII is to them. Over time, they might use it to spam you; they might sell or rent your information to an unlimited number of other parties; they might combine it with other data from other websites to build up profiles of users; and so on. Note that these activities may not cost you anything (they don’t figure into #1 above), but they do provide value to the website... possibly a lot more than the $1 you might have valued the transaction at originally. So you’re effectively selling yourself short by giving away a goldmine of information for a couple of piccies on the net.
This is why you should always read the Terms of Service and the Privacy Policy and any other related documents before signing up to any web site. Even then, you’re not necessarily safe. Many sites effectively say “we reserve the right to change this at any point in time... you should come back and check our website regularly!”. But even if you bother to go back and re-read the site every so often (once a month? a week? every hour? How often is often enough?) it probably doesn’t matter. If they change their policy to be “We will sell all your PII to the highest bidder”, what can you do? It’s not like you can decide you no longer agree and take back your information. They’ve already got it hostage.
Now, some of this might sound sensationalist, and I don’t know how likely any of it is to happen.. I’ve never actually made it all the way through the ToS or PP for a photo hosting website, because usually after several minutes of slogging through the legalese I decide to cut my losses and close the browser. But as far as I’m concerned, it’s Just Not Worth It.