I’m Being Followed: How Google—and 104 Other Companies—Are Tracking Me on the Web is a voyage into the invisible business that funds the web. Who are these companies and what do they want from me? Even if you’re generally familiar with the idea of data collection for targeted advertising, the number and variety of these data collectors will probably astonish you. Right now, a huge chunk of what you’ve ever looked at on the Internet is sitting in databases all across the world.
Many different companies want to know as much about me and what’s on my screen as they possibly can, although they have different reasons for their interest. To be clear, these companies gather data without attaching it to your name (most of the companies do not know names of the people they are following); they use that data to show you ads you’re statistically more likely to click. That’s the game, and there is substantial money in it. Some of the best minds of my generation are thinking about how to make people click ads (think for example how many highly talented people Google has). The online advertising industry argues that technology is changing so rapidly that regulation is not the answer to queasiness about all that data going off to who-knows-where.
The bad news is that people haven’t taken control of the data that’s being collected and traded about them. At the moment there is a fascinating scrum over what “Do Not Track” tools should do and what orders websites will have to respect from users. Do Not Track signals a user’s opt-out preference with an HTTP header. Several large third parties have already committed to honor Do Not Track, but many more have been recalcitrant.
It’s now time for us to watch the watchers. Track Who’s Tracking You With Mozilla Collusion. Collusion is a Firefox browser add-on that lets you track who’s tracking you across the web for behavioral targeting purposes. There is a demonstration put up at collusion.toolness.org, which takes you through five popular websites and visualizes the data collection companies that track you across them. From there, you can download the add-on if you want to see the tracking visualization of your own browsing behavior evolve in real-time.
Collusion looks to offer more transparency to users by creating a visualization of how your data is being spread to different companies as you navigate the web. Each time it detects data being sent to a behavioral tracker, it creates a red (advertisers), grey (websites) or blue dot on the visualization and shows the links between the sites you visit and the trackers they work with. Mozilla has created an online demo to show just how quickly your data ends up in the hands of dozens of different companies as you move on popular web popular sites.
If you need the source code, it’s all at github.com/toolness/collusion. For some more details take a look at Toolness Blog posting on Collusion. This is an interesting experiment to track on who is tracking you. Collusion is about alerting users to tracking that’s happening without their consent. Very interesting! The more access to metrics the better.
240 Comments
Tomi Engdahl says:
Facebook may soon allow ad targeting by email, user ID and phone number
http://www.insidefacebook.com/2012/08/30/facebook-may-soon-allow-ad-targeting-by-email-user-id-and-phone-number/
Sources familiar with Facebook’s ad plans previously told us that the company was working with some premium advertisers to target audiences by email address
Some Power Editor users temporarily had access to a new “Custom Audiences” tab today.
Advertisers can select which type of information they are targeting and then upload a CSV or TXT file with email addresses, user IDs or phone numbers. According to the screenshot above, personally identifying information will be hashed before being uploaded to Facebook, and there are additional terms for using this functionality
Tomi Engdahl says:
Facebook To Roll Out Email- and Phone Number-Based Ad Targeting Next Week
http://techcrunch.com/2012/08/30/facebook-ads-email-phone-numbers/
Facebook will be launching new features next week that allow advertisers to target their ads to customers based on contact information that the advertiser has already collected. It’s a way for businesses to connect their Facebook ads with the customer lists they may have built up elsewhere.
Inside Facebook first reported on the feature after tipsters saw it go live temporarily. A Facebook spokesperson confirmed this afternoon that it’s a real product, and she walked me through how the program will work.
Businesses will be able to upload those lists of email addresses, phone numbers, and user IDs to Facebook, though the data will be hashed first so that Facebook doesn’t have access to that information. Meanwhile, Facebook’s user data will be similarly hashed, so the company can compare both sets of hashed data, creating a list of users whose contact information matches up with what the advertiser uploaded.
After that, businesses will have the option target their ads at that group
This is just about giving advertisers more targeting options, Facebook says — businesses won’t have access to any additional user data.
Facebook’s spokesperson says the feature has been in private testing
Starting next week, this targeting feature will be available to all “managed” advertisers (i.e., the ones who receive support from Facebook).
Tomi Engdahl says:
You’ll be on a list 3 hrs after you start downloading from pirates – study
Bad news for seeders ‘n’ feeders…
http://www.theregister.co.uk/2012/09/05/p2p_copyright_enforcement_study/
File sharers who download torrents from services such as The Pirate Bay can expect to find their IP address logged by copyright enforcers within three hours, according to a new study by computer scientists.
Researchers at the UK’s University of Birmingham reached the finding at the end of a two-year study into how organisations are monitoring illegal file sharers.
They conclude that large scale monitoring of the most popular illegal downloads from The Pirate Bay has been taking place over the last three years.
“Average time before monitors connect: 40% of the monitors that communicated with our clients made their initial connection within 3 hours of the client joining the swarm; the slowest monitor took 33 hours to make its first connection.”
“We found six very large scale monitors, however all of them where using third-party hosting companies. Therefore we can’t be sure who they really were”
Tomi Engdahl says:
Honeytrap reveals mass monitoring of downloaders
http://www.newscientist.com/blogs/onepercent/2012/09/honeytrap-catches-copyright-co.html
Anyone who has downloaded pirated music, video or ebooks using a BitTorrent client has probably had their IP address logged by copyright-enforcement authorities within 3 hours of doing so. So say computer scientists who placed a fake pirate server online – and very quickly found monitoring systems checking out who was taking what from the servers.
Birmingham’s fake server acted like a part of a file-sharing swarm and the connections made to it quickly revealed the presence of file-sharing monitors run by “copyright enforcement organisations, security companies and even government research labs”.
Tomi Engdahl says:
Apache Patch To Override IE 10′s Do Not Track Setting
http://apache.slashdot.org/story/12/09/08/0053235/apache-patch-to-override-ie-10s-do-not-track-setting
“A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to ‘better protect user privacy.’”
” Fielding has written a patch for the web server titled ‘Apache does not tolerate deliberate abuse of open standards.’ ”
Apache Patch to Override IE 10’s Do Not Track Setting
http://paritynews.com/web-news/item/282-apache-patch-to-override-ie-10%E2%80%99s-do-not-track-setting
A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10.
According to Mozilla, the DNT feature shouldn’t be either in an active state or an inactive state until and unless a user specifically sets it.
Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default.
According to Fielding, “Microsoft deliberately violates the standard. [...] The decision to set DNT by default in IE10 has nothing to do with the user’s privacy. Microsoft knows full well that the false signal will be ignored, and thus prevent their own users from having an effective option for DNT even if their users want one” he added.
Standard says: “A user agent must have a default tracking preference of ‘unset’ (not enabled) unless a specific tracking preference is implied by the decision to use that agent.” Here the user agent needs to be interpreted as a Web browser.
Tomi Engdahl says:
Google adds ‘Do Not Track’ to latest Chrome test build
http://news.cnet.com/8301-1023_3-57512829-93/google-adds-do-not-track-to-latest-chrome-test-build/
Search giant Google has included support for the Do Not Track privacy standard in the latest Chrome developer build, released on Thursday.
The search giant and browser maker previously said it would implement a solution to help prevent users’ actions from being tracked on the Web, and said it would have a solution out for Chrome and its advertising systems “by the end of the year.”
A Google spokesperson told AllThingsD: “We undertook to honor an agreement on DNT that the industry reached with the White House early this year. To that end we’re making this setting visible in our Chromium developer channel, so that it will be available in upcoming versions of Chrome by year’s end.”
Tomi Engdahl says:
CNet has published a guest column by Eric Wheeler warning the world of the evil consequences of Do Not Track. In it he makes strong (I would claim exaggerated) arguments in favor of targeted advertising:
How ‘Do Not Track’ is poised to kill online growth
http://news.cnet.com/8301-1023_3-57516422-93/how-do-not-track-is-poised-to-kill-online-growth/
A new “Do Not Track” policy could come out as soon as next year. So before it’s too late, we need to step back and consider what’s really at stake.
New “Do Not Track” policy could come out as soon as next year, so before it’s too late, we need to step back and consider what’s really at stake.
Compromising a $300 billion industry
Online advertising has been one of the few unqualified success stories in our economy in recent years.
Handicapping small business
The perils of “Do Not Track” extend well beyond the ad industry. Small publishers and startup ventures alike stand to lose the most under more stringent online restrictions
Stifling innovation
Anonymous user data is far more than just a lens for ad delivery; for many startups, it’s the life’s blood of innovation.
What you can do
Don’t take it on faith that the FTC will do what’s in the best interest of users and businesses. In fact, the agency is under intense pressure from many within the W3C and other privacy hawks to do just the opposite.
Tomi Engdahl says:
Why Do Not Track is worse than a miserable failure
http://www.zdnet.com/why-do-not-track-is-worse-than-a-miserable-failure-7000004634/
As a consumer, you’d think that the meaning of “Do Not Track” is pretty clear.
In theory, Do Not Track is a brilliant idea.
But the big data-collecting companies that are behind this standard seem intent on making sure it does nothing at all.
Tomi Engdahl says:
‘Two big associations, the Interactive Advertising Bureau and the Digital Advertising Alliance, represent 90% of advertisers. Downey says those big groups have devised their own interpretation of Do Not Track.’
“They have said they will stop serving targeted ads but will still collect and store and monetize data.’
Source: http://yro.slashdot.org/story/12/09/23/1334258/advertisers-never-intended-to-honor-dnt
Tomi Engdahl says:
Facebook has recently added a new feature that shows members of the site their search history and lets them delete searches they do not want Facebook to retain.
Facebook agreed to turn off the feature in Europe. The feature has long been controversial and was turned on by default last year, meaning that users who did not want to be identified would have to opt out.
Source: http://www.telegraph.co.uk/technology/facebook/9563855/Facebook-flooded-with-complaints-after-messages-bug.html
Tomi Engdahl says:
Clean IT – Leak shows plans for large-scale, undemocratic surveillance of all communications
http://www.edri.org/cleanIT
A leaked document from the CleanIT project shows just how far internal discussions in that initiative have drifted away from its publicly stated aims, as well as the most fundamental legal rules that underpin European democracy and the rule of law.
The European Commission-funded CleanIT project claims that it wants to fight terrorism through voluntary self-regulatory measures that defends the rule of law.
Tomi Engdahl says:
The Guardian newspaper that Facebook could become a nightmare for the Y-generation. The term refers to the 1990′s grown up in a generation in the United States and Europe.
These young people do not understand it according to the newspaper, that social media may be downloaded to the future with greater impact on the employment of, or even the ease with which people are getting health insurance or a bank loan.
Source: http://www.iltalehti.fi/digi/2012092516118631_du.shtml
Tomi Engdahl says:
Update: Facebook Confirms No Private Messages Appearing On Timeline. They’re Old Wall Posts.
http://techcrunch.com/2012/09/24/reports-facebook-users-seeing-private-messages-pre-2009-showing-up-on-timelines-as-posted-by-friends/
Some Facebook users were alarmed this morning when it appeared that private messages written in 2009 and earlier were showing up on viewable Timelines as messages “Posted by friends.”
Facebook also says in no uncertain terms that there is absolutely no privacy bug. What people are seeing are old Wall postings, not private messages.
The reason that this became an issue today may be because of Timeline’s global rollout. The first cases of people being worried about the potential exposure of old messages came from France
But worry not, and make sure your friends know the truth. No private Facebook messages have leaked.
Tomi Engdahl says:
It’s Become Tragically Clear That Facebook Chased The Wrong Business For Years
http://www.businessinsider.com/facebook-fbx-2012-9
Facebook has always sold ads the old-fashioned way, disguised as something new.
Now, as Facebook has begun selling ads in a different, much more lucrative way that others have been doing for years, it feels like Facebook’s tactic has put the company years behind schedule.
How Facebook has sold ads for most of its history: Advertisers tick off a bunch of boxes on the type of people they’d like to reach and then Facebook shows their ads to these people.
That’s the “old-fashioned way,” because that’s basically how advertisers have been buying TV ads for decades.
In other words, they look for inventory that is targeted to an audience based on data a publisher provides about its audience.
Facebook has sought to improve on this old-fashioned model by giving advertisers more detail about the type of people they can market to.
nstead of just knowing where those people are located, their gender, and their age, Facebook can tell advertisers where the people viewing ad inventory work, their marital status, and what their “interests” are.
All this extra data was supposed to be a gold mine for Facebook, and Facebook built up a huge ad sales apparatus to sell ads targeted with it.
Facebook has begun selling ads in a new way that makes its massive inventory much more valuable—three times more valuable, according to one company buying the inventory and reselling it.
This new method is called re-targeting. It has been used by ad-sellers outside of Facebook for years now.
Facebook has selected a dozen or so companies that will buy Facebook ad inventory and sell it to marketers using re-targeting.
How re-targeting works: You visit Warby Parker, the online glasses seller. You look at a pair of glasses you might like to buy. You decide not to buy them right then. You leave the Warby Parker website. Later, on other Websites you see ads with the pair of glasses you liked.
You see those ads because when you visited warbyparker.com, your browser downloaded a tiny piece of software, called a “cookie,” that told the ad servers on sites using re-targeting that you had previously gone to warbyparker and looked at a certain pair of glasses.
Ads that are “re-targeted” in this way are clicked on a lot, and it’s pretty obvious why. Unlike most ads in banners on the Internet, re-targeted ads are ones that you may actually want to see because they are based on your demonstrated interest in a product.
Tomi Engdahl says:
Electronic Surveillance By US Law Enforcement Agencies Rising Steeply
http://yro.slashdot.org/story/12/09/28/0251214/electronic-surveillance-by-us-law-enforcement-agencies-rising-steeply
“According to data obtained by the American Civil Liberties Union (ACLU), surveillance of emails and other forms of Internet communications without warrants has increased substantially over the last two years.”
Tomi Engdahl says:
Consumer Groups Ask FTC to Investigate Facebook-Datalogix Data-Matching Arrangement
http://epic.org/2012/09/consumer-groups-ask-ftc-to-inv.html
Facebook is matching the personal information of users with personal information held by Datalogix.
Datalogix has a massive database of American consumers making purchases. The information is based retail loyalty cards.
Tomi Engdahl says:
Facebook wants ‘Like’ button to be exempt from child privacy laws
http://news.cnet.com/8301-1023_3-57524073-93/facebook-wants-like-button-to-be-exempt-from-child-privacy-laws/
Social network tells the FTC that teens’ right to freedom of expression will be inhibited by proposed revisions to COPPA.
Facebok worries that teens’ right to freedom of expression will be inhibited if child privacy laws limit Web sites’ ability to incorporate the social network’s “Like” button.
Facebook also argued that a “Like” on the social network is free speech and that eliminating teens’ access to the button would be a violation of their constitutional rights.
“A government regulation that restricts teens’ ability to engage in protected speech — as the proposed COPPA Rule would do — raises issues under the First Amendment,” the company said.
COPPA requires Web sites obtain verifiable parental consent before collecting personal information from children younger than 13. While current Facebook rules prohibit teen-agers younger than 13 from using the network, it’s widely known that millions of young children have Facebook accounts.
Tomi Engdahl says:
Not From the Onion: Army Says ‘Social Network’ Use Is a Sign of Radicalism
http://www.wired.com/dangerroom/2012/10/insider-threat/
These are some warning signs that that you have turned into a terrorist who will soon kill your co-workers, according to the U.S. military. You’ve recently changed your “choices in entertainment.” You have “peculiar discussions.” You “complain about bias,” you’re “socially withdrawn” and you’re frustrated with “mainstream ideologies.” Your “Risk Factors for Radicalization” include “Social Networks” and “Youth.”
These are some other signs that one of your co-workers has become a terrorist, according to the U.S. military. He “shows a sudden shift from radical to ‘normal’ behavior to conceal radical behavior.” He “inquires about weapons of mass effects.” He “stores or collects mass weapons or hazardous materials.”
But its “indicators” of radicalization are vague enough to include both benign behaviors that lots of people safely exhibit and, on the other end of the spectrum, signs that someone is so obviously a terrorist they shouldn’t need to be pointed out.
Tomi Engdahl says:
Ad industry blasts Microsoft over Do Not Track defaults in IE 10
http://www.zdnet.com/ad-industry-blasts-microsoft-over-do-not-track-defaults-in-ie-10-7000005185/
Summary: In an open letter, an influential U.S.-based lobbying group for the advertising industry has sharply criticized Microsoft’s decision to enable Do Not Track as the default setting in Internet Explorer 10.
Tomi Engdahl says:
Could Your Crummy Klout Score Keep You From Getting a Job?
http://www.slate.com/blogs/future_tense/2012/10/03/online_privacy_can_employers_use_klout_scores_facebook_profiles_to_screen_applicants_.html
Last week, California passed a law forbidding employers to ask workers or job applicants for access to their social media accounts. It was following the lead of Maryland, which became the first state to pass such a law after reports surfaced that the state Department of Corrections was requiring applicants to log into Facebook during job interviews so the interviewers could see their profiles, photos, and wall posts. Other states have either passed or are considering similar laws, and congressional Democrats have drawn up bills along these lines as well.
It’s unclear how widespread this practice really is, but the impulse to legislate it is understandable.
In particular, Olanoff takes aim at a Salesforce.com job posting for a “community manager” that lists a “Klout Score of 35 or higher” among the desired skills for the position.
It’s one thing to argue that hiring managers might be missing out on great candidates if they focus too much on users’ Klout scores. But Olanoff doesn’t stop at telling hiring managers how to do their jobs. He wants the government to tell them how to do their jobs—by making it illegal to even consider applicants’ Klout scores.
Whether or not you agree with Fernandez that Klout is a useful signifier of someone’s social media expertise—and I’ve pointed out some of its limitations in the past—to suggest that it should be legally off-limits to employers is to reify a degree of social media privacy that simply doesn’t exist.
This is not to say that it’s impossible for anyone to maintain a modicum of privacy on Facebook or Twitter these days. Doctors, accountants, teachers, construction workers—people in any number of fields can still safely abstain from tweeting without fear that it will cost them their next job.
Tomi Engdahl says:
DONT TRACK US
http://donttrack.us/
When you search Google,
and click on a link,
your search term is usually sent to that site,
along with your browser & computer info,
which can often uniquely identify you.
That’s creepy, but who cares about some random site?
Those sites usually have third-party ads,
and those third-parties build profiles about you,
and that’s why those ads follow you everywhere.
That’s creepy too, but who cares about some herpes ads?
Your profile can also be sold,
and potentially show up in unwanted places,
like higher prices and getting insurance.
But there’s more.
Remember your searches?
Google also saves them.
Your saved searches can be legally requested,
and then come back to bite you (happens).
Or a bad Google employee could go snooping (happens).
Or Google could get hacked (happens).
So don’t get tracked when searching.
Use DuckDuckGo instead.
http://duckduckgo.com/
Tomi Engdahl says:
Four search engines that promise to protect your information better than Google search:
http://duckduckgo.com/
https://www.startpage.com/
https://ixquick.com/
http://blekko.com/
Tomi Engdahl says:
The Do Not Track standard has crossed into crazy territory
http://www.zdnet.com/the-do-not-track-standard-has-crossed-into-crazy-territory-7000005502/
Summary: The advertising industry wants to change the definition of Do Not Track into something Orwell would be proud of. One influential member of the W3C working group says he’s lost the energy to go on. Is it time to kill Do Not Track?
The debate over the Do Not Track standard has officially moved beyond Alice in Wonderland. These days, I’m not sure whether it’s 1984 or Brazil.
In a sane world, telling a website “do not track me” would result in behavior that assumed the person making the request did not want to have unnecessary data collected about them.
But to the online advertising industry, that DNT:1 signal means, “Right, you’re one of those idiots who thinks this is about privacy. Now give me all your data. You’re welcome.”
I cannot make this stuff up.
Tomi Engdahl says:
Senator Opens Investigation of Data Brokers
http://www.nytimes.com/2012/10/11/technology/senator-opens-investigation-of-data-brokers.html?pagewanted=all&_r=0
The multibillion-dollar data brokerage industry, a growing force in online marketing, is drawing intensified government scrutiny.
Because Americans now conduct much of their daily business online, the senator said he was concerned that “an unprecedented amount” of personal, medical and financial information about people could be collected, mined and sold, to the potential detriment of consumers.
“An ever-increasing percentage of their lives will be available for download, and the digital footprint they will inevitably leave behind will become more specific and potentially damaging, if used improperly,”
Unlike consumer reporting agencies, which are required by federal law to show people their own credit reports and allow them to correct errors, data brokers are not required to show consumers information collected about them for marketing purposes.
Earlier this year in a report on protecting consumer privacy, the F.T.C. urged the industry to create a centralized Web portal where consumers could learn about companies’ practices and their options for controlling information collected about them. The agency also recommended that Congress pass legislation giving people access to information that data brokers hold about them.
Industry representatives say that data-based marketers use consumer marketing data for legitimate commercial practices, not for regulated purposes like making offers of credit or insurance.
They add that collecting marketing data benefits consumers because it allows companies to send people offers for products and services they are interested in. It also increases efficiency
“Consumers love getting what they want — information, products, benefits, upgrades — when they want it,” said Ms. Woolley of the Direct Marketing Association. “There is no evidence that data-driven marketing harms consumers in any way.”
Tomi Engdahl says:
How much do Google and Facebook profit from your data?
New privacy monitor tries to put a price tag on your privacy.
http://arstechnica.com/tech-policy/2012/10/how-much-do-google-and-facebook-profit-from-your-data/
Savvy Internet users know that all the great stuff they get from the Internet for “free”—the searches, the social networks, the games, even the news—isn’t really free. It’s an exchange, where companies are able to take user data, sell it to advertisers, and make money that allows them to give themselves a paycheck while keeping you afloat in free digital services.
So that data you’re giving away online is worth something, but have you ever taken a stab at figuring out how much? A just-released privacy add-on for Firefox and Chrome, Privacyfix, gives it the old college try. Both Congress and the executive branch have been talking more about online privacy in the past couple years.
The estimates for Google and Facebook are imprecise, as the program’s creator, Privacy Choice founder Jim Brock, readily admits. “We wanted people to understand, it is a value exchange” when they use these sites, said Brock.
Privacyfix measures your last 60 days of activity on Google, extrapolates that to a year, and uses a value-per-search estimate. Analysts believed Google was making $14.70 per 1,000 searches in 2010, and possibly less in 2011. Of course, if you spend all your time searching for luxury hotels or mesothelioma lawyers—and then clicking through the advertised links—you’re much more valuable than the average user.
Brock says his estimated annual Facebook value was a mere $1.68. His daughter, perhaps unsurprisingly, is at $12. His Google value checks in at more than $700 per year, though.
Tomi Engdahl says:
Give a store your e-mail address, it’ll find you on Facebook
Facebook admits it: retail chains can use hashed e-mails to find and target users.
http://arstechnica.com/business/2012/10/give-a-store-your-e-mail-address-itll-find-you-on-facebook/
Facebook wrote up a post on Sunday attempting to explain some of its new approaches to selling and analyzing ads on the site, responding to user alarm about its partnership with data firm Datalogix. Among the revelations: stores can give Facebook hashed versions of customer e-mail addresses they’ve collected to target users with ads, and Facebook is allowing users to opt out of entire ad networks via a link in real-time ads.
Facebook’s recent partnership with Datalogix meant that it would be sharing data on ad viewership and how customers reacted to ad displays.
In the post written by Facebook privacy engineer Joey Tyson, Facebook highlights a new use for those e-mail addresses you’ve been tossing off while checking out at your favorite stores: a store can hash the e-mails it has in its database, Facebook will hash its own, and then the two parties will compare notes to find customers to show that store’s ads to. No actual information is shared, so Facebook skirts its third-party sharing promise again. Still, we don’t expect most Facebook users who have given out e-mail addresses to retail stores expected them to be used in this way, hashed or not.
This process could potentially take Facebook to the heights of creepy and invasive more quickly than before. Retail stores are already able to figure out female customers are pregnant before their immediate family members. If CVS takes your purchase history and hashed e-mail address and compares it to Facebook’s database, it can start serving you ads for soup when you buy cold medicine, condoms when you buy Cosmopolitan, or topical acne cream when you buy sparkly gel pens and a bag of candy.
Privacy groups have already begun prodding the FTC to look into the Facebook-Datalogix liaison.
Tomi Engdahl says:
Do Not Track supporters draw their line in the sand
Play by the rules or pay the penalties
http://www.theinquirer.net/inquirer/news/2216331/do-not-track-supporters-draw-their-line-in-the-sand?WT.rss_f=Home
SUPPORTERS of the Do Not Track standard have warned its detractors that they won’t stand for any nonsense, and have given backers an encouraging nudge in the direction of fair implementation.
In Europe, Neelie Kroes, the VP of the European Commission responsible for the Digital Agenda, has just given a speech in which she cautioned the industry against ignoring Do Not Track, messing around with its standards or abusing the cookie system.
“Standardisation work is not going according to plan. In fact, I am increasingly concerned. About the delay, and about the turn taken by the discussions hosted by the World Wide Web Consortium (W3C). I think that won’t come as a surprise to you. And I know that my colleagues across the Atlantic, at the Federal Trade Commission, feel the same.”
So what is the problem? According to Kroes the problem is a watering down of the standard, and she repeated her earlier calls for firm rules that actually protect the individual.
“It should build on the principle of informed consent, giving people control over their information. And, indeed, it must be designed to let people choose to not be tracked. The clue is in the name: do NOT track.”
“Privacy is an issue that affects everyone”
Tomi Engdahl says:
Do Not Track? Advertisers Say ‘Don’t Tread on Us’
http://www.nytimes.com/2012/10/14/technology/do-not-track-movement-is-drawing-advertisers-fire.html?pagewanted=all&_r=0
Do Not Track mechanisms are features on browsers — like Mozilla’s Firefox — that give consumers the option of sending out digital signals asking companies to stop collecting information about their online activities for purposes of targeted advertising.
But what is really at stake here is the future of the surveillance economy.
The advent of Do Not Track threatens the barter system wherein consumers allow sites and third-party ad networks to collect information about their online activities in exchange for open access to maps, e-mail, games, music, social networks and whatnot. Marketers have been fighting to preserve this arrangement, saying that collecting consumer data powers effective advertising tailored to a user’s tastes. In turn, according to this argument, those tailored ads enable smaller sites to thrive and provide rich content.
“If we do away with this relevant advertising, we are going to make the Internet less diverse, less economically successful, and frankly, less interesting,” says Mike Zaneis, the general counsel for the Interactive Advertising Bureau, an industry group.
Now regulators are warning that opposition to Do Not Track could backfire on advertisers, by giving browsers more incentive to empower frustrated users.“We might see a technology arms race with browsers racing to see — by letting consumers block ads — who can be the most privacy-protective,” says Mr. Leibowitz of the F.T.C. “Maybe that’s not a bad thing.”
Tomi Engdahl says:
Google ‘to be told by EU to unravel privacy policy’
http://www.guardian.co.uk/technology/2012/oct/15/google-privacy-policy
French data protection commissioner’s ruling that web giant must separate user data could have global impact, say sources
Google will be told on Tuesday to unravel the controversial changes introduced in March to its European privacy policy, legal sources have told the Guardian.
The French data protection commissioner, the CNIL, will be holding a press conference on Tuesday to announce the results of its deliberations together with the data protection chiefs of the other European Union countries.
Bradley Shears, a US-based lawyer who specialises in digital privacy law and has campaigned for increased privacy for users of services including Facebook, said he expects the CNIL to find that Google broke EU privacy law, and to oblige it to unwind the changes.
Shears told the Guardian: “Since Google had the technical capability to combine the data of all of its users’ accounts it should have the ability to reinstate the previous barriers that acted like a digital Chinese wall between its services that better protected user privacy.”
Google said then the new policy would simplify the user experience, and said it was confident it had obeyed “all European data protection laws and principles”.
But it was warned by the justice commissioner Viviane Reding that the changes might breach EU law.
There have been suggestions that trying to separate the data back into individual services would be like “unscrambling an egg”.
Google declined to comment on the forthcoming CNIL report, but said: “We are confident that our privacy notices respect the requirements of European data protection laws.”
Tomi Engdahl says:
When cookie spewers single you out, it IS personal, barks watchdog
Identifiers should be classed as ‘personal data’ – EU body
http://www.theregister.co.uk/2012/10/16/when_is_a_cookie_personal_data/
Information that can lead to individuals being “singled out and treated differently” should generally be classed as “personal data”, an EU privacy body has recommended.
The Article 29 Working Party has outlined changes (45-page/410KB PDF) to how it wants ‘personal data’ to be defined, and to what information the term should apply to, within the European Commission’s proposed General Data Protection Regulation. The draft text was published in January.
Whether information is deemed to be “personal data” is a fundamental issue in relation to data protection laws because the framework of rules governing data protection issues only apply to information that qualifies as personal data.
“Since establishing what constitute appropriate safeguards can only be done on a case by case basis, it would be impossible to provide further guidance in a legally binding document,” the Working Party said. “Therefore a more flexible instrument would be most appropriate to provide further guidance on what could be appropriate safeguards.”
Tomi says:
Verizon draws fire for monitoring app usage, browsing habits
http://news.cnet.com/8301-13578_3-57533001-38/verizon-draws-fire-for-monitoring-app-usage-browsing-habits/
“We’re able to view just everything that they do,” Verizon Wireless exec has boasted. Privacy groups say initiative — including linking databases showing whether customers own pets — may violate wiretap law.
Verizon Wireless has begun selling information about its customers’ geographical locations, app usage, and Web browsing activities, a move that raises privacy questions and could brush up against federal wiretapping law.
Tomi Engdahl says:
Apple resumes User Tracking with iOS 6. Here’s how to disable it
http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/
Apple got caught with its hand in the cookie jar when privacy experts protested the use of a universal device identifier, or UDID, to track the online preferences of iPhone and iPad users.
Enough is enough, right? Well, maybe not.
It looks like device tracking is back with iOS 6, courtesy of a new tracking technology: IDFA, or identifier for advertisers.
Like the UDID, the IDFA uniquely identifies your Apple device.
Tomi Engdahl says:
Dark Google: One Year Since Search Terms Went “Not Provided”
http://marketingland.com/dark-google-search-terms-not-provided-one-year-later-24341
A year ago, Google began going dark. Dark in terms of no longer sharing with publishers, in some cases, how people searched for and found those publishers through Google’s search engine.
Dark Google refers to visits from Google’s search engine that can no longer be tied to a particular search term.
When people search on a search engine, typically the search terms they used to find a web site are passed along to the publisher.
This is all a consequence of how our browsers have worked since before Google existed. Browsers pass along what’s called a “referrer,” which is kind of like a Caller ID system for the web (and sometimes spelled “referer” due to a historic misspelling).
This time last October, Google made a change to block this Caller ID system for anyone who was signed-in to Google when they searched. Why? Google said that it was designed to protect privacy.
Google was correct. This change did protect potential “eavesdropping” by others of what someone was searching for. However, Google deliberately left a hole in this privacy protection. Anyone clicking on its ads still had their search terms left vulnerable to eavesdropping.
My view is the search-side of Google wanted to better protect people from eavesdropping, especially in advance of Search Plus Your World, which potentially would expose more personally-revealing search terms. But the ad-side of Google demanded an exception so that advertisers wouldn’t be upset nor Google’s ad retargeting business harmed. The bottom line won. A privacy hole was left open for advertisers.
The numbers have risen because of a variety of factors.
But Google SSL Search — the method Google uses to protect signed-in searchers — can be used even by those who aren’t signed in. In July, Firefox started using Google SSL Search by default, figuring that would be a good privacy move (despite the advertiser loophole). Overnight, a huge chunk of search terms got withheld.
Referrer data has been one of the things that has made internet marketing so accountable. Sadly, signs of it dying away have been out there since 2010, and it’s just getting weaker. It’s continuing to take body blows on the search front, and I suspect those will get worse both for search referrers and in general.
It’s also important to reflect that in the year since this has happened, this year of Dark Google, SEO hasn’t died from the blackout nor has web publishing collapsed. The remaining referrer data still getting through and alternatives like Google Webmaster Central seem to suffice.
Plenty of publishers feel frustrated with or resentful toward Google over the change.
Tomi says:
For investors and others trying to solve the riddle of making money on mobile users, Marc Andreessen, the venture capitalist, extolled the virtues of the mobile era this way: “We’re going to know a tremendous amount about people.”
Source: http://www.nytimes.com/2012/10/23/technology/in-mobile-world-tech-giants-struggle-to-get-up-to-speed.html?_r=1&pagewanted=all
Tomi Engdahl says:
I just bought more than 1 million …Facebook data entries. OMG! /updated/
http://talkweb.eu/openweb/1819
I have the bloody habit to look for cheap deals on some websites and today I’ve got the featured offer to buy more than 1 million Facebook entries containing Full Name, e-mail and Facebook profile URL.
“the list is in a zipped excel format split into 12 sheets, each sheet containing roughly 100,000 email addresses with name, last name and facebook profile information separated with comma.”
Do you still feel secure?
Oh yes, the deal price was 5$ – five u.s dollars.
Tomi Engdahl says:
Data-Gathering via Apps Presents a Gray Legal Area
http://www.nytimes.com/2012/10/29/technology/mobile-apps-have-a-ravenous-ability-to-collect-personal-data.html?ref=technology&_r=1&
Angry Birds, the top-selling paid mobile app for the iPhone in the United States and Europe, has been downloaded more than a billion times by devoted game players around the world, who often spend hours slinging squawking fowl at groups of egg-stealing pigs.
While regular players are familiar with the particular destructive qualities of certain of these birds, many are unaware of one facet: The game possesses a ravenous ability to collect personal information on its users.
“When I am giving a talk about this, some people will pull out their smartphones while I am still speaking and erase the game,” Mr. Hong, an expert in mobile application privacy, said during an interview. “Generally, most people are simply unaware of what is going on.”
What is going on, according to experts, is that applications like Angry Birds and even more innocuous-seeming software, like that which turns your phone into a flashlight, defines words or delivers Bible quotes, are also collecting personal information, usually the user’s location and sex and the unique identification number of a smartphone. But in some cases, they cull information from contact lists and pictures from photo libraries.
In the United States, the data collection practices of app makers are loosely regulated, if at all; some do not even disclose what kind of data they are collecting and why.
“Your personal privacy should not be the cost of using mobile apps, but all too often it is,” Ms. Harris said at the time.
The makers of Angry Birds, Rovio Entertainment of Finland, discloses its information collection practices in a 3,358-word policy posted on its Web site. But as with most application makers around the world, the terms of Rovio’s warnings are more of a disclaimer than a choice.
Policy practices like Rovio’s often do little to inform consumers. Most people simply click through privacy permissions without reading them, said Mr. Hong, the Carnegie Mellon professor. His institute is developing a software tool called App Scanner that aims to help consumers identify what types of information an application is collecting and for what likely purpose.
In Europe, lawmakers in Brussels are planning to bring Web businesses for the first time under stringent data protection rules and to give consumers new legal powers, the better to control the information that is being collected on them.
Tomi Engdahl says:
Is Silicon Valley Morally Bankrupt and Toxic?
http://tech.slashdot.org/story/12/10/29/2332216/is-silicon-valley-morally-bankrupt-and-toxic
“Companies like Google and Facebook — in common with most public companies — have interests that are frequently in conflict with the well-being of — I was going to say their customers or their users, but I’ll say ‘people’ in general, since it’s wider than that. People who use their systems directly, people who don’t — we’re all affected by it, and although some of the outcomes are positive a disturbingly high number of them are negative”
“Social networks designed to identify you to corporations so they can sell you more stuff won’t fix it. Better ad targeting or content matching algorithms definitely won’t fix it.”
Tomi Engdahl says:
The Web Won’t Be Safe Or Secure Until We Break It
http://it.slashdot.org/story/12/11/07/2039226/the-web-wont-be-safe-or-secure-until-we-break-it
“Jeremiah Grossman of Whitehat Security has an article at the ACM in which he outlines the current state of browser security, specifically drive-by downloads. ‘These attacks are primarily written with HTML, CSS, and JavaScript, so they are not identifiable as malware by antivirus software in the classic sense. They take advantage of the flawed way in which the Internet was designed to work.’”
“By adopting a similar application model on the desktop using custom-configured Web browsers (let’s call them DesktopApps), we could address the Internet’s inherent security flaws”
The Web Won’t Be Safe or Secure until We Break It
http://queue.acm.org/detail.cfm?id=2390758
Unless you’ve taken very particular precautions, assume every Web site you visit knows exactly who you are.
Tomi Engdahl says:
Post Petraeus Scandal Google Releases Stats Showing Uptick in Gov Requests for Data
http://www.wired.com/threatlevel/2012/11/google-user-data-report/
The release of Google’s semi-annual Transparency Report, showing government requests for data for the first six months of this year, was never more relevant, following in the wake of reports that FBI investigators uncovered the affair between former CIA director David Petraeus and his biographer Paula Broadwell after gaining access to email accounts used by Broadwell.
According to the report, the United States’ demand for user data from Google continued to increase this year, with law enforcement agencies nationwide submitting requests 7,969 times for the first six months of the year, Google revealed Wednesday.
Tomi Engdahl says:
Surveillance and Security Lessons From the Petraeus Scandal
http://www.aclu.org/blog/technology-and-liberty-national-security/surveillance-and-security-lessons-petraeus-scandal
When the CIA director cannot hide his activities online, what hope is there for the rest of us? In the unfolding sex scandal that has led to the resignation of David Petraeus, the FBI’s electronic surveillance and tracking of Petraeus and his mistress Paula Broadwell is more than a side show—it’s a key component of the story. More importantly, there are enough interesting tidbits (some of which change by the hour, as new details are leaked), to make this story an excellent lesson on the government’s surveillance powers—as well as a reminder of the need to reform those powers.
Metadata is king
Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the particular IP addresses a consumer has logged in from. Although these records reveal sensitive information, including geo-location data associated with the target, US law currently permits law enforcement agencies to obtain these records with a mere subpoena—no judge required.
Although Ms. Broadwell took steps to disassociate herself from at least one particular email account, by logging into other email accounts from the same computer (and IP address), she created a data trail that agents were able to use to link the accounts.
Digital “dead drops” don’t protect you from government surveillance
For more than a decade, a persistent myth in Washington DC, fueled by several counterterrorism experts, has been that it is possible to hide a communications trail by sharing an email inbox, and instead saving emails in a “draft” folder.
Apparently, this method was also used by General Petraeus. According to the Associated Press
The problem is, like so many other digital security methods employed by terrorists, it doesn’t work. Emails saved in a draft folder are stored just like emails in any other folder in a cloud service, and further, the providers can be compelled, prospectively, to save copies of everything (so that deleting the messages after reading them won’t actually stop investigators from getting a copy).
I hope that this scandal will finally kill off this inaccurate myth about hiding emails from the government. General Petraeus should have known better—placing documents in an email “drafts” folder is not an effective way to hide things from the government. It wasn’t 10 years ago, and it certainly isn’t anymore.
Tomi Engdahl says:
Automatic Facebook couple pages: Nauseating sign of desperation
Ad firm frantically churns the content you gave it
http://www.theregister.co.uk/2012/11/15/facebook_couples_page/
A week after Facebook introduced the nauseating idea of automatic couple pages, it has been rolled out to users across the globe, inducing reactions such as: “creepy and intrusive”, “retch-inducing” and “smug”.
Facebook users who have listed themselves as “In a Relationship” or “Married” and linked their profile to their partner’s will find that Facebook has automatically generated them a couple page
You don’t need to be a dyspeptic technology hack to find this nauseating.
Yes, it’s all data you uploaded, but it belongs to Facebook now, and there’s not much you can do about how they remix and reuse it. The only way out of the couple page appears to be breaking up with your partner (on Facebook) or flat out defriending them. Breaking up with them on Facebook will send everyone in your friendship circles a notification that your relationship has ended next to a graphic of a broken heart.
With Facebook user sign-ups decreasing in the States and Europe, and shareholder interest increasing, in an angry why-has-the-share-price-fallen-so-badly way, Facebook are pulling tricks out of the hat
Tomi Engdahl says:
What if companies could track you offline like they do online? Watch this winning video from Firefox Flicks for the answer.
Mozilla Video: Paranoid
https://firefoxflicks.mozilla.org/en-US/video/286
Tomi Engdahl says:
Why Big Data Could Sink Europe’s ‘Right To Be Forgotten’
http://yro.slashdot.org/story/12/11/21/017245/why-big-data-could-sink-europes-right-to-be-forgotten
“Europe’s proposed ‘right to be forgotten’ has been the subject of intense debate, with many people arguing it’s simply not practical in the age of the internet for any data to be reliably expunged from history.”
“The European Network and Information Security Agency (ENISA) has published its assessment of the proposals (PDF), and the tone is skeptical to say the least. ”
“‘Removing forgotten information from all aggregated or derived forms may present a significant technical challenge. “
Tomi Engdahl says:
Electronic privacy deserves a bipartisan upgrade
http://thehill.com/blogs/congress-blog/technology/269303-electronic-privacy-deserves-a-bipartisan-upgrade
Today, if the police want to come into your house and take your personal letters, they need a warrant. If they want to read those same letters saved on Google or Yahoo they don’t. The Fourth Amendment has eroded online.
Americans for Tax Reform and the American Civil Liberties Union are members of the Digital Due Process Coalition, a wide-ranging group of privacy advocates, think tanks and businesses, like Microsoft, Google, Apple, AT&T, that often disagree on different issues. However, we can agree on consistent privacy protection for digital documents.
The Fourth Amendment, “the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause,” is the cornerstone of American privacy protection. We agree that the Electronic Communications Privacy Act (ECPA), though forward-thinking in 1986, has become outdated as we head in to 2013.
At the time ECPA was passed, digital storage was expensive.
Today, storage is cheap and seemingly endless, so why would you delete an important email already stored in a simple searchable format?
Unfortunately these digital documents lack long-held privacy safeguards. Email saved in web-based email systems like Yahoo for longer than six months can be accessed with an administrative subpoena, which provides less protection than a warrant. Similarly, no matter what privacy setting you use, sensitive and personal information — photos, private journals, Facebook pages, corporate data, draft reports — shared with third parties like Google and Facebook can be accessible by police without a judge’s approval. All the government has to do is swear it’s “relevant” to an investigation.
If you’ve stored anything in the cloud via a web-storage service like DropBox, Salesforce or Microsoft Azure you have very little protection. The government can compel such companies to produce documents without timely notice to you. This practice not only lacks judicial approval, but also hinders your ability to challenge a subpoena in court.
The medium, in this case, should not matter. The content is personal information that deserves full privacy protection consistent with the Constitution. If law enforcement would like to see your electronic documents stored with an Internet company, then they should need a warrant.
We recognize the importance of ensuring that government has the tools required for effective law enforcement, but extending warrant protection to cloud services and email that’s more than six months old will not significantly impede investigations.
Tomi Engdahl says:
Data cops seek ‘urgent clarification’ on new Facebook advertiser plans
We advertise to you next to your own content … bitch
http://www.theregister.co.uk/2012/11/22/facebook_data_use_policy_proposed_rewrite_makes_users_cross_again/
Facebook never fails to whip up a frenzy about privacy each time it proposes changes to its personal-content advertising platform. This time around users are slowly starting to complain about the risk to security posed by the company’s plans to help “improve the quality of ads.”
The company – which plunged onto Nasdaq in May this year – is doing everything it can to shake as much ad revenue out of the site as possible by unsurprisingly proposing to open its users’ data even more. Some have suggested that this means Facebook will build unified profiles of its users akin to, say, those of Google+.
After all, Facebook is front and centre a free-content ad network. It takes the content its users give it, and runs ads by them.
On top of that plan, Facebook is also expected to tweak the way users determine who can and can’t send messages to them on the site.
Tomi Engdahl says:
ITU Approves Deep Packet Inspection
http://yro.slashdot.org/story/12/12/05/0115214/itu-approves-deep-packet-inspection
“One of the concerns is that decisions taken there may make the Internet less a medium that can be used to enhance personal freedom than a tool for state surveillance and oppression. The new Y.2770 standard is entitled ‘Requirements for deep packet inspection in Next Generation Networks’, and seeks to define an international standard for deep packet inspection (DPI). As the Center for Democracy & Technology points out, it is thoroughgoing in its desire to specify technologies that can be used to spy on people.”
Tomi Engdahl says:
Advertising May Soon Follow You From One Device To the Next
http://tech.slashdot.org/story/12/12/06/2237219/advertising-may-soon-follow-you-from-one-device-to-the-next
“We’re all familiar with ads that seem to follow you around as you go from one website to another. A startup called Drawbridge has developed technology that could let those ads follow you even when you pick up a smartphone or tablet. The company, founded by an ex-Google scientist employs statistical methods to try to match and identify users on different devices.”
Tomi Engdahl says:
Get Ready for Ads that Follow You from One Device to the Next
http://www.technologyreview.com/news/508176/get-ready-for-ads-that-follow-you-from-one-device-to-the-next/
A former Google advertising scientist is behind a service that matches people across devices to serve more targeted advertisements, while promising to protect their privacy.
Kamakshi Sivaramakrishnan calls herself an “advertising quant.” Most people with a PhD in her field of information theory are recruited onto Wall Street if they decide to leave the halls of academia, she says.
She chose to go into advertising instead, and, with her startup, Drawbridge, is applying her expertise to a problem central to the bottom line of a wide swath of digital companies: how to make advertising pay as audiences move over to mobile devices. Founded in 2010, Drawbridge is using statistical methods that rely on anonymous data to track people as they move between their smartphones, tablets, and PCs.
“Retargeting is a powerful strategy on the Web, and we are bridging that to mobile devices as well,”
One problem is that advertisers are skeptical about the effectiveness of mobile ads, a question now plaguing practically every Web company that makes its money by selling advertising. Sivaramakrishnan, who previously worked for the mobile ad network AdMob and then at Google after it was acquired by the search giant, believes that mobile ad targeting technology has not evolved quickly enough—she left Google in 2010 frustrated by the slow pace even there.
“We are triangulating the user’s behavior,” says Sivaramakrishnan. “As we observe the user, we are able to hone in.” Once they reach a threshold of certainty that two cookies represent the same person, they call it a match.
Tomi Engdahl says:
A Vault for Taking Charge of Your Online Life
http://www.nytimes.com/2012/12/09/business/company-envisions-vaults-for-personal-data.html?pagewanted=all
“YOU are walking around naked on the Internet and you need some clothes,” says Michael Fertik. “I am going to sell you some.”
Naked? Not exactly, but close.
he views the digital screens in our lives, the smartphones and the tablets, the desktops and the laptops, as windows of a house. People go about their lives on the inside, he says, while dozens of marketing and analytics companies watch through the windows, sizing them up like peeping Toms.
By now many Americans are learning that they are living in a surveillance economy. “Information resellers,” also known as “data brokers,” have collected hundreds to thousands of details
on almost every American adult.
Other companies that specialize in ranking consumers use computer algorithms to covertly score Internet users, identifying some as “high-value” consumers worthy of receiving pitches for premium credit cards and other offers, while dismissing others as a waste of time and marketing money.
As these practices have come to light, several members of Congress, and federal agencies, have opened investigations.
Now, Mr. Fertik, the loquacious, lion-maned founder of Reputation.com, says he has the free-market solution. He calls it a “data vault,” or “a bank for other people’s data.”
Reputation.com is at the forefront of a nascent industry called “personal identity management.” The company’s business model for its vault service involves collecting data about consumers’ marketing preferences and giving them the option to share the information on a limited basis with certain companies in exchange for coupons, say, or status upgrades.
Tomi Engdahl says:
Phone apps for children causes worries in the U.S.
U.S. authorities have been investigating for children marketed mobile applications. The reason for this is a concern for children’s privacy.
Under the current rules, companies should get parental consent before information is collected under the age of 12. In many cases, parents do not know about the collection of data.
According to the report part of the applications submitted user information to advertisers. Applications, for example, the device can locate the user’s position and save the mobile phone number.
Source: http://www.3t.fi/artikkeli/uutiset/teknologia/lapsille_suunnatut_puhelinsovellukset_huolettavat_usa_ssa