With all the recent ruckus over Google and Apple location tracking on their respective mobile OS's, I feel reluctantly compelled to add my two bits.
Wow.... Really?
It is hard to imagine that people are all up in arms about this. I honestly thought that nobody cared - and I think that maybe Google and Apple were caught off guard in this respect as well. With all the information sloughing off from the average web user, who would have thought that anybody cared about a little location logging?
I had no idea that the apathy was mostly ignorance or denial - it seems that people are concerned about privacy after all, but are totally ignorant about the real, omnipresent threats to their personal information online.
So, to enlighten those of you that are not counted among the Digirati.....
Did you know that when you visit most commercial websites, tracking cookies are installed on your computer that make it possible to monitor what pages you view, to send you targeted advertising based on your surfing habits?
Frequently this information is tied to a unique identifier that specifically identifies you, the real person, along with your approximate location, home address, neighborhood demographics, and property tax information.
This info, along with your IP address (and physical connection point to the internet) is all hoovered up and stored on servers all over the planet, sold around to various marketing companies, and has virtually no regulatory oversight.
Make no mistake, any time you are online, from laptop, cellphone, or your home / work machine, there are a handful of companies that know exactly where you are and what you are doing on the web, and this information they use and sell as they please.
Then there are social networking sites like Facebook, where not only your information is exploited but also the information about your relationships, friends and social networks too.
Let me show you scenario number one, a very simple and altogether too possible example of how this knowledge about your relationships can be exploited and sold:
When Brandy visits her favorite social networking (social spying) site, Spybook.com reads the tracking cookies that indicate that she also spends a lot of time chatting at hot singles.com. Spybook.com also knows that she is married to Tim.
(edit - see comments for more detail on technical aspects of this)
From this information, they send Brandy advertisements on how to meet hot single guys in her area, and where to buy stunning, discounted lingerie. Ok great....
But....they also send targeted advertising to Tim (also a happy spysite user) about how to know if his partner is cheating (is she suddenly buying a lot of new lingerie?), how to track a cheating partner with a button sized GPS tracking device, and an introduction their selection of local divorce lawyers.
It is worth noting that Spybook.com also knows that Brandy has surfed the web from a local super 8 hotel during lunchtime, while Tim was online at the office....but Spybook.com doesn't even know that they know this yet. Some other company will notice this five years from now when they buy the data from Spybook.com to look for things that they find to be of interest.
Really.
Just like that.
Then, when the Spybook.com tracks Tim visiting the divorce lawyers pages, they start with the "hot singles" in his area too, along with promoting infidelity paranoia among his male friends, who will be doubtlessly looking a bit more carefully at their own relationships....one can see where this starts to cross the line from opportunistic exploitation to vague social manipulation.
Before you write this off as paranoid (ok, it is a -little- paranoid) ... ever been to a website that had ads that were eerily appropriate, even if in a caricature of real life?
The Facebook 'like' button is another good example of this technology. Any time it exists on a webpage - any web page - it is sending back to the Facebook.com database that you, the registered Facebook user, are viewing that specific page, at that specific time from that specific machine, at that specific location.
And no, you don't have to click on anything for this to happen... but, if you do, well, what a goldmine!
If you click 'like' then the article or comment becomes part of your dossier, to mine for information that can be used to further understand your most basic motivators and marketing vectors.
Now imagine what can be done with this information, along with your geographical habits, spending history, and all those tagged photos of you....did you know that any of them taken from a cellphone may also have date, time, camera direction and GPS location imbedded in the meta-data?
Now, of course, all of this information is also available to government agencies, investigators, and anyone else with a budget or the ability to obtain the information, whether legitimately or not.
To make matters only slightly worse, if your computer or browser gets infiltrated by spyware then it can extract even more information.
In my experience as an IT professional, I can safely say that more than 75% of the computers that I encounter are carrying spyware of some kind, usually knowingly installed by the user .....browser toolbars, anyone?
Information usually collected by spyware, besides browsing history, includes your web searches (Google, Bing, and Yahoo already do this anyway, of course), and in the case of black-hat spyware, all your keystrokes and browsing history, credit card numbers used online, etc.
With so many of us intentionally or unintentionally giving away the most intimate of details to the highest bidder (and to that hacker guy in eastern Europe), I find it curious that the Android / Iphone tracking issue raised such an alarm....it really is the least of our worries.
That said, it would be a good thing, I think, to set standards for the collection and protection of personal information, and to require specific, plain language opt - ins for the use of such information. Plain language, instead of the legalese never-read "terms and conditions" that we are all so familiar with.
An opt-in that you had to approve, prior to any website collecting personally identifiable information, (especially to any 3rd party) would be a powerful tool for consumer protection. Perhaps an opt-in that popped up every 10 times it collected your information, which you could then make permanent for one year - or something like that.
Of course, you can just turn off cookies, but that will eliminate a great deal of the functionality that we have come to expect from the modern web.
Maybe these suggestions are foolish or poorly thought out....please feel free to post your suggestions.
Hey it's Sean Fisher. Just wondering, what OS do you run on your computer?
ReplyDeleteGood post Tamer, but I have two observations.
ReplyDeleteFirstly, there are legitimate uses of tracking data that are useful to the visitor, such as analysing usage of a site in order to improve the content or make it more relevant to users. Also many websites (such as mine!) do not share or sell their users data.
Secondly, from a purely technological standpoint, I'd like to point out that it is not possible for one website to read cookies set by another site. Therefore it is not possible that "Spybook.com reads the tracking cookies that indicate that she also spends a lot of time chatting at hot singles.com".
However, it is of course perfectly possible for hotsingles.com to share this info with spybook.com in other ways.
Sean,
ReplyDeleteI run ubuntu 10.x on my regular work machine, and on the rare occasions that I need to run a MS or Mac - only application, I run a stripped down version of XP or OSX inside a Virtualbox virtual machine under linux.
Ceaser ,
Thank you for helping to elucidate my rather vague treatment of scenario # 1
Right you are, it would require hotsingles.com to have a "like" button or some other referring tidbit of script in it to record the visit.
The catch is that the proliferation of 2nd and 3rd party trackers makes this entirely too likely.
Trackers are embedded in banner ads and "official" links to a major web service ("like" button, etc).
As far as legitimate uses of tracking data, I would argue that it is almost all legitimate, as long as it does not contribute to illegal acts.
Legitimacy and desirability are relatively distant cousins in this case, though....
That said, as I mentioned at the bottom of the article, a lot of the functionality we have come to expect from our web browsing experience is dependent upon cookies, including ones that we might also consider to be "tracking cookies".
What I find relatively effective is to block all 3rd party cookies, and on the rare occasions that this interferes with site operation, I can make a specific exception.
This probably only knocks down my profile about 25%, but it is both the low hanging fruit, so to speak, and also takes out some of the most obnoxious of the trackers.
Ummm... really... like they ARE watching me!!??
ReplyDeleteAAAAAugh! I just Knew it!! I will never surf norp agin', I swear it! But... I don't even Like Cookies... Can't I just say NO?
Yeah, 3rd party cookies are close enuf 4 me too. How ya be, Bro?
ReplyDeleteشركة المثالية للتنظيف بالاحساء