The Wall Street Journal, which has been doing great work on Internet privacy, has a disturbing piece today on the way online data companies build “profiles” of your intimate life — even if you try to stop them by deleting browser cookies. The disclosures are not entirely new — Wired, for example, has done good reporting on it before — but the Journal adds a lot to the conversation.
The 50 most popular web sites “placed 3,180 tracking files in total on the Journal’s test computer.” About “two-thirds—2,224—were installed by 131 companies, many of which are in the business of tracking Web users to create rich databases of consumer profiles that can be sold.” Ever notice how slowly pages load in Dictionary.com? That site alone installed 233 separate pieces of tracking software.
The Journal doesn’t say so, but industry spokesmen who claim the profiles they assemble are “anonymous” are fundamentally dishonest. When Lotame Solutions Inc. tracks Ashley Hayes-Beady around the web, the company assures the Journal that it knows her only as user “4c812db292272995e5416a323e79bd37.” Perhaps so, but Lotame could easily identify her by correlating her profile with other information that is widely sold by information brokers. And it is damn near certain that some of Lotame’s customers do exactly that.
What do they know about you?
Information about people’s moment-to-moment thoughts and actions, as revealed by their online activity, can change hands quickly. Within seconds of visiting eBay.com or Expedia.com, information detailing a Web surfer’s activity there is likely to be auctioned on the data exchange run by BlueKai, the Seattle startup.
The Journal found tracking files that collect sensitive health and financial data. On Encyclopaedia Britannica Inc.’s dictionary website Merriam-Webster.com, one tracking file from Healthline Networks Inc., an ad network, scans the page a user is viewing and targets ads related to what it sees there. So, for example, a person looking up depression-related words could see Healthline ads for depression treatments on that page—and on subsequent pages viewed on other sites.
Healthline says it doesn’t let advertisers track users around the Internet who have viewed sensitive topics such as HIV/AIDS, sexually transmitted diseases, eating disorders and impotence. The company does let advertisers track people with bipolar disorder, overactive bladder and anxiety, according to its marketing materials.
There are tools you can use to limit your exposure to this sort of spying, but they’re not good enough to stay ahead of the outrageous practices of the commercial surveillance industry. As the Journal notes, “there are no legal limits on how that data can be used.” Without better privacy laws, there’s no complete self-defense short of unplugging your computer.
Still, there is plenty you can do yourself. For today’s homework, check out these Firefox add-ons:
- Ghostery lets you spy on the spies in your computer. For each web page you visit, this extension uncloaks some — but not all — of the invisible tracking software that is working behind the scenes.
- NoScript is probably the most important privacy tool, but it costs you in convenience. NoScript blocks tracking software (which is legal) and malware (illegal) that attempts to inject viruses and trojans into your computer. It does so by blocking Java scripts, which execute code as soon as you arrive on a page. But a lot of legitimate functions on the web depend on Java, so you’ll have to make exceptions site by site. As I write this post, NoScript is blocking efforts by Quantserve.com to track me. But if I hadn’t told NoScript to unblock WordPress.com, which I’m using to write this post, the site would not have worked at all. Fortunately, NoScript remembers the exceptions. Over time it’s much easier to work with.
- Better Privacy lets you see and delete “flash cookies,” one of the major spy tools described in the Journal article. The help file has a good clear explanation.
I’d love to know if anyone knows a good tool for disabling “beacons,” the most sophisticated surveillance tool described by the Journal.