In what may be a not so odd coincidence, I discovered the following two items in the space of five minutes, which made me wonder whether most websites could be fairly accused of “spying” on their users:

cnn-we-recommend.jpg

spyjax-widget.jpg

The item on the left is from the beta version of CNN’s redesigned site, which, like the Amazon recommendation system, recommends articles based on your browsing history (via Bivings Report).

The item on the right — just an image! — is the widget version of a service called Spyjax that exploits a common browser feature — turning visited links red — to determine which other sites a visitor to a site using Spyjax has visited. If you go here, you will see your browser history displayed in the widget. It’s quite a chilling experience. I set up a Spyjax account and installed the code because I wanted to display the widget here to make the point dramatically, but I immediately took the code off after seeing my own visitor report. It felt so wrong — it felt evil.

(Sites using Spyjax will show a call to merchantos.com in the status bar when loading.)

You can see from the screen capture above some of the sites that the widget immediately determined I had visited — Noggin, for my daughter, Pair, because I’m probably going to switch my hosting service, and PlentyOfFish — strictly for business.

So why the comparison with the CNN recommend feature? Because they’re both cut from the same cloth. CNN’s recommendations seem benign — and it can be a useful service. But those recommendations are based on spying on your browsing without your permission.

Of course, every site that uses cookie-based traffic analytics effectively spies on you by planting a cookie in your browser. Any site that has a “most read” or “most emailed” list is essentially spying on user behavior.

Many sites, including many mainstream media brands, work with Tacoda, Revenue Science, or other behavioral targeting companies to take plant cookies that follow you everywhere you go — and serve ads based on your “behavior.”

There are some people who block cookies entirely, and many more people probably would if there weren’t so many sites that required cookies in order to function properly.

It will continue to be the subject of increasingly intense debate where to draw the line for user privacy. Media sites (and what isn’t media these days?) will need to keep a close eye on how the privacy pendulum is swinging.