• by Ray Schultz , Columnist, February 13, 2020

The privacy expert Martin Abrams made a telling remark a few years ago: “Even if I don’t know your name, it’s inevitable that the shadow you and the real you will come together.” 

That thought came to mind this week when two companies announced products that they say can help reveal data on website visitors.

Enea, a company based in Stockholm, in the heartland of GDPR, has enhanced its Enea Qosmos ixEngine and Enea Qosmos Probe products to deliver greater insight into encrypted and evasive traffic. 

The company says it can ID these forms of traffic:

• Cryptocurrencies and mining pools 
• Covert communication channels 
• VPNs (Virtual Private Networks) 
• Anonymizer applications 
• Traffic spoofing applications 
• Embedded links in emails

We usually refrain from quoting press releases directly, but we have to in this case because it  puts the privacy issue right out on the table: 

“Anonymity and privacy technologies, like data encryption and VPNs, are vital for safe and secure communications, but they limit the visibility network professionals rely on for troubleshooting, performance optimization, and business analytics,” the company says. “They also impact cyber security specialists, who need traffic visibility to detect and analyze threats in networks.”

Get it? If we’re reading it correctly, they can help you evade encryption, which could look a little odd to data authorities. Of course, it’s for an allegedly good purpose: security. But there’s more:

"As the use of encryption increases -- and becomes more robust with TLS 1.3 -- and as evasive tactics become more complex, innovation is key for our customers to maintain the critical visibility they need to optimize performance and respond to threats," states Jean-Philippe Lion, senior vice president of the DPI Business Unit at Enea.

Lion adds that the company's enhanced capabilities help marketers to meet the challenges of encrypted and evasive traffic and develop better and stronger solutions to protecting networks.

Enea says it can help clients derive “maximum insights from encrypted and evasive traffic, while packet content remains private.” 

Okay, but what about the business analytics part? Let’s assume this technology can be applied to any kind of web site visitor. The capability is there, regardless of the stated purpose, and under GDPR, you have to have permission to even process a person’s data.  

Then there’s Fastline, a U.S. firm that serves the agricultural industry. It has debuted Aggi, which it says identifies web site visitors, revealing the name, address, email and demographic information.

It’s not clear from the announcement if this is permission-based. Let’s assume it is, and that prospects are giving up this information to access content.

One purpose of this B2B program is to drive retargeting, and to provide sellers with “multiple options to market their equipment from our original print catalog, email and social media marketing or be featured on Fastline.com, states Bill Howard, founder and CEO at Fastline.

Howard adds that Aggi “now allows the ability to engage with those previously anonymous prospects.”

Speaking as a consumer and occasional B2B prospect, I would resent being barraged with marketing emails and phone calls after visiting a web site. 

Privacy laws like GDPR and CCPA make these issues more complicated, not less so. For instance, California has added a requirement that web sites be accessible to people with disabilities and the visually impaired.

That’s laudable in theory, but it also gives companies the ability to identify the disabled simply by their online behavior. And they may be able to determine their names and email addresses.

Depending on how this data is used and distributed, aren’t we looking at possible violations of HIPAA? In any event, many disabled individuals may not wish to be pigeonholed as such. 

Companies better hire good writers to put their required privacy policies into plain language. There’s ever more ground to cover.