INFO: The Electronic Freedom Foundation on “User tracking on the web today”

imageImagine a world where your every move is recorded…
Submitted for your approval:  Imagine waking up the in morning, strapping on a GPS the going to work in a taxi with all the details of your travels being recorded throughout the day.  Then upon arrival, you put on a video camera & a voice recorder and you have meetings with people, with every action recorded.  Then you start making phone calls using someone else’s phone, with all your phone calls, your conversations, duration, etc. being recorded.  Then you go down for lunch and buy everything using a credit card but you slide your credit card into a slot for every product your CONSIDER buying, not just the one’s you actually buy.  Then after work, you go to a bar and the bartender measures precisely how much you drink & what you drink and records it.

Now imagine all that information going a single personal profile that only 1 organization has… on YOU. 

What does this have to do with the Internet?
For the average person on the Internet, merrily going about their day, browsing the Internet is pretty much the electronic version of the experience I’ve described above.  When people surf the web – even when they’re home alone, and not at work – they’re completely unaware that their actions are being monitored by corporations that are exceptionally interested in who they are, what they do, how to find them again, and what sort of patterns they follow.  This information helps these corporations anticipate their next moves… extrapolates what people like them do en masse… categorizes them and places them into market segments…

…otherwise making you predictable.

Wait?  Is that so wrong?  What’s wrong with being predictable?
There’s a lot wrong with being predictable… or more appropriately, being ASSUMED to be predictable.  Here’s one example:  In TV today, Nielsen ratings are measured based viewership and on market groups.  If you are categorized at 18-35 viewer, your opinion is highly-coveted because it is believed by advertisers that the 18-35 market segment is easily influenced.  This segment of buyers have people who have not had their routines… their mannerisms… their day-to-day purchases “set in stone”.  They can be sold to.

Compare and contrast that with the 25-55 market segment in advertising.  This is a segment that are considered “older” and “set in their ways”.  Thus advertisers aren’t particularly interested in them unless they are selling products specifically for that older group.  As a result, the input or the say of the 25-55 market segment is not nearly as influential as that of the 18-35 market.

Being categorized is NOT to people’s benefit.  It dis-empowers individuals because being profiled means people make assumptions about you before you even get the chance to voice an opinion and be heard.  It closes doors and limits people’s opportunities.

Okay.  So I don’t want to be categorized.
If you’re under the impression that the only way people follow you on the Internet to “categorize” you is via “web site cookies”, you’re dead wrong.  Cookies are definitely a problem, but they’re just a small segment of the problem.  Companies that want to track you to market your presence to advertisers are constantly thinking of new and nefarious ways to identify you so they can watch your behavior and classify your profile.

The Electronic Freedom Foundation wrote a series of articles that go into great detail of how companies track you and what the concerns are.  They are VERY good reading I encourage everyone to go through them because it’s important that people understand how they are being followed every day by companies such as Google and used for their own gains.

New Cookie Technologies: Harder to See and Remove, Widely Used to Track You
Technical Analysis by Seth Schoen

Cookies are still a privacy problem for web users, many years after privacy advocates first raised concerns about their use to track web browsing. Today, cookies are one of the main mechanisms that advertising companies like Google use to track and profile users across sites and over time — often building up a single gigantic profile for years and years. Many EFF members respond to this threat by using their browsers’ cookie management features to limit which cookies they’ll accept or how long they’ll be retained.

But it turns out that the cookie situation is quite a bit trickier today, and sites that want to track users have new technical options that are hard for users to respond to. The traditional "cookie" is an HTTP cookie, invented by Lou Montulli and John Giannandrea at Netscape in 1994. But today many browsers implement a range of things with the same kind of cookie-like tracking behavior — mechanisms that are far less familiar, harder to notice, and often harder to control.


But it doesn’t stop there.  Sure tracking your identity is one part of the equation.  But how do they aggregate this information to create an overall profile of you?

How Online Tracking Companies Know Most of What You Do Online (and What Social Networks Are Doing to Help Them)
Technical Analysis by Peter Eckersley

3rd party advertising and tracking firms are ubiquitous on the modern web. When you visit a webpage, there’s a good chance that it contains tiny images or invisible JavaScript that exists for the sole purpose of tracking and recording your browsing habits. This sort of tracking is performed by many dozens of different firms. In this post, we’re going to look at how this tracking occurs, and how it is being combined with data from accounts on social networking sites to build extensive, identified profiles of your online activity.

How 3rd parties get to see what you do on the web.

Let’s start with an example of 3rd party tracking: when we went to, which is the largest online jobs site in the United States, and searched for a job, CareerBuilder included JavaScript code from 10 (!) different tracking domains: Rubicon Project, AdSonar,, (all three are divisions of AOL advertising), Quantcast, Pulse 360, Undertone, AdBureau (part of Microsoft Advertising), Traffic Marketplace, and DoubleClick (which is owned by Google). On other visits we’ve also seen CareerBuilder include tracking scripts and non-JavaScript web bugs from several other domains. There are pretty sound reasons to hope that when you search for a job online, that fact isn’t broadcast to dozens of companies you’ve never heard of — but that’s precisely what’s happening here.


Outside of 3rd party tracking, there’s an even more insidious manner in which you are being watched and it’s called “browser fingerprinting”.   Your browser presents information AUTOMATICALLY to web sites you visit and this information is a lot more extensive than you realize.  It’s so extensive that it’s often uniquely identifiable and traceable directly to your computer regardless of what cookies you block or what safeguards you’ve established.

Browser Versions Carry 10.5 Bits of Identifying Information on Average
Technical Analysis by Peter Eckersley

Whenever you visit a web page, your browser sends a "User Agent" header to the website saying precisely which operating system and web browser you are using. This information could help distinguish Internet users from one another because these versions differ, often considerably, from person to person. We recently ran an experiment to see to what extent this information could be used to track people (for instance, if someone deletes their browser cookies, would the User Agent, alone or in combination with some other detail, be unique enough to let a site recognize them and re-create their old cookie?).

Our experiment to date has shown that the browser User Agent string usually carries 5-15 bits of identifying information (about 10.5 bits on average). That means that on average, only one person in about 1,500 (210.5) will have the same User Agent as you. On its own, that isn’t enough to recreate cookies and track people perfectly, but in combination with another detail like geolocation to a particular ZIP code or having an uncommon browser plugin installed, the User Agent string becomes a real privacy problem.

User Agents: An Example of Browser Characteristics Doubling As Tracking Tools

When we analyze the privacy of web users, we usually focus on user accounts, cookies, and IP addresses, because those are the usual means by which a request to a web server can be associated with other requests and/or linked back to an individual human being, computer, or local network.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: