Web Trackers have been a hot topic in recent news, yet most of us are oblivious not only the extent they are used, but also to the potential for misuse of our personal information currently being aggregated in countless databases around the world.
On the day of this writing, I searched for “cordless drill” on the websites of three very familiar, top 20 global retailers and counted a total of 171 trackers. These trackers are essentially programs that execute when a website page is visited or some action is taken by the user, such as performing a search or clicking on a link or an item of interest. The programs are generally written by companies that benefit financially through targeted advertising or by the sale or use of the aggregation of the data (i.e., “Big Data” – large databases typically analyzed to identify patterns or trends in human behavior). With the exception of a hijacked website, trackers that exist on any given website are the products of the website owner or their invited partners or affiliates.
Most of us have experienced a targeted ad (e.g., for a cordless drill) while on Facebook and concluded that it was in connection to a previous search for that item on another site. Some of us may generally be OK with tracking for that purpose. But would we be OK knowing that a database may contain much more personal information, such as finances, health, religious beliefs, political affiliation, race, ethnic background, or even sexual preferences? Would it concern you even more if these tracker programs were recording our Internet activity over time and establishing long-term profiles of us on an individual basis?
Many of us think that we are surfing the web anonymously, but is that really true? There have been numerous reports and research studies over the past decade which show how personal identity could be obtained by Web Trackers – even when no personal website login information was entered. As social media was becoming extremely popular, representatives from AT&T Labs and Worcester Polytechnic Institute published a research paper making it clear that default settings of many social networking applications caused Personal Identifiable Information (PII), such as our name, location, gender, activities, employer, and even our friends list, to be accessible to tracker programs. More recently, it was discovered that simply surfing the web from a device associated with a major cellular provider exposed personal account information to trackers, essentially connecting “anonymous” web activity to an individual.
In fairness, most of the sites we visit on a regular basis publish and comply with their information privacy policies – generally limiting use of the data to targeted ads and/or broad, non-personal, categorizations of aggregated data. Google, for example, currently has only one tracker (owned by Google) that executes when a search is performed. Based on their information privacy policy, their tracker program would essentially just record the interest in a cordless drill (using the same example as above). While they would also likely record geolocation of the user and other categorical information that would be useful for data analytics and general marketing, they do not associate the activity with an individual. On the other hand, if a typical retail website has fifty or more trackers, most of which are third-party owned, how can you feel comfortable that the actual data recorded and its use will be consistent with the information privacy policy of the site owner?
While concerned end users, security researchers, and lawmakers, will continue to identify unscrupulous behaviors and effect change consistent with our collective privacy interests, I would like to leave you with a few suggestions to help you take matters into your own hands. First and foremost, review and revise any available privacy settings to meet with your comfort level (e.g., limit sharing of name and location information to your friend list) and know the information privacy policies of all your social network applications and any applications/websites that you use to record or share personal information. Find and install tools that make Web Trackers visible to you and, more importantly, allow you to selectively block them from embezzling your personal data. Consider the Ghostery Browser Extension, which is highly rated by users and free.
Wishing you all a happy holiday season and safe web surfing.