Tag Archives: Online tracking

How to Stop Being Tracked Online

 

Internet

Digital sketch of the Internet, 2014. Artist: Barrett Lyon, Opte.org, Creative Commons

By Hanging Chen, ProPublica

 

Many sites (including ProPublica and F&O) track user behaviour using a variety of invisible third-party software. This means any time you visit a web page, you’re likely sharing data about your online habits, from clicks to views or social shares, whether you realize it or not. But there are a few ways to combat online tracking — although none can block some of the more sophisticated tracking techniques, such as ‘fingerprinting‘ and ‘onboarding.’ Here are three tools that block the most common trackers.

Ghostery

Featuring an ever-growing database of over 1,900 tracking entities, Ghostery’s browser add-on can detect online trackers as you browse specific pages.

On each website, Ghostery displays a list of entities tracking data from that site in the upper right corner of the screen. Although it shows you all the trackers it detects, Ghostery does not block them by default. You must visit the settings page to block individual trackers or block all trackers.

If you don’t mind being tracked by the third parties on a particular website, you can “whitelist” the site using the extension’s dashboard.

Ghostery users are encouraged to opt in to Ghostrank, a service that sends anonymous information to a Ghostery server about where and how users encounter trackers. Ghostery is a for-profit company that analyzes the Ghostrank information and sells it to companies that want to manage their tracking businesses.

Ghostery is maintained by a team of analysts who keep the list of trackers up to date, according to Andy Kahl, Ghostery’s Senior Director of Transparency.

Ghostery’s add-on is available for most widely-used browsers, including Chrome, Firefox, Opera, and Safari. It’s also available for mobile devices on iOS and Firefox Android.

Disconnect

The Disconnect tracker add-on takes a user-friendly approach of blocking trackers by default, but allowing requests that it considers to be necessary for loading content.

Full disclosure: Disconnect gave ProPublica $7,759.54 last year in donations from its users and expects to contribute another $1,500 after featuring us as a Charity of the Month for May 2014.

Disconnect detects trackers based on the number of requests they’ve made for your information, and displays them in one of four categories: advertising, analytics, social and content. Users can re-enable a tracker or whitelist a website from the dashboard in the upper right hand corner of the Web browser.

The extension also features a nifty visualization of all of the requests surrounding the page you’re on, with a graph of each third-party request connected to the current page, and a rundown of web resources saved by disabling trackers, like bandwidth and browsing speed.

Disconnect maintains its database of trackers by crawling popular websites for third-party requests, then categorizing those requests by type, according to co-founder Casey Oppenheim. The Disconnect database is open source, unlike Ghostery’s library of trackers.

Disconnect also provides a separate browser extension that allows you to search anonymously on engines including Google, Bing, Blecko and DuckDuckGo. Disconnect routes your search queries through their own servers, so Google, for example, would effectively see and store your search as a request from Disconnect instead of you.

Disconnect also lets users view ratings for each website’s privacy policies in nine color-coded icons designed to correspond to a variety of privacy concerns, from the expected collection and use of data according to the site’s privacy policy, to SSL encryption and HeartBleed vulnerability. So far, Disconnect has evaluated and assigned icons to over 5,000 websites.

The site’s own privacy policy promises never to collect IP addresses or any personal info except for the email addresses of users who sign up for their (opt-in) newsletter.

Disconnect tracking and security extensions are currently available for Chrome, Firefox, Safari, and Opera. The service also provides tracker-blocking options for iOS devices with its Disconnect Kids app. Disconnect’s tracker-blocking code and database are available on Github.

Privacy Badger

This tracker-blocking tool is a new project of the Electronic Frontier Foundation and uses an algorithm to “learn” which social or ad networks are tracking you over time.

That means the tool takes awhile to get going. It initially allows third-party trackers until it detects patterns in third-party requests. Then it will start automatically blocking what it considers “non-consensual invasions of people’s privacy,” according to its FAQ.

EFF decided to use an algorithm over a compiled filter list of trackers to make the extension harder to circumvent.

“Blocking algorithmically “is more responsive and is able to better protect users from all trackers, not just the ones we have identified as a problem,” Cooper Quintin, a technologist working with EFF, wrote in an email.

Users can manually adjust blocking by using sliders that control access to their data in three levels: Completely blocking all requests from third-parties, blocking cookies from third-parties, and unblocking third party requests.

By default, the Privacy Badger will whitelist domains that it believes are necessary for web functionality. Those domains will automatically be blocked from leaving cookies, but will not be blocked completely unless the setting is manually adjusted, according to its FAQ.

Like Ghostery and Disconnect, users can also manually “whitelist” any site by disabling Privacy Badger on it.

In an interesting twist, Privacy Badger will allow trackers to unblock themselves if they post a privacy policy that honors users’ “Do Not Track” requests. Currently, only a few tracking companies have agreed to not track users who check the “Do Not Track” button in their Web browsers.

Privacy Badger is available for Google Chrome and Firefox. A list for its “whitelisted” sites are available on Github along with the code for the extensions.

A note on methods for flagging trackers

If you install all three or any number of these add-ons concurrently, you will notice that they often detect a different number of trackers on any given page. That’s because each service classifies tracking slightly differently.

Ghostery displays individual trackers per page based on its own database. Meanwhile, Disconnect displays the total number of requests made by detected trackers. And Privacy Badger flags third-party domains, not the number of requests made by those domains.

Looking for ways to make your web experience more secure from the Privacy Tools series? Read more on encrypting your files and messages, masking your location, safely browsing the web, taking data out of the hands of data brokers, and building better passwords.

Creative Commons

Related:

It’s Complicated: Facebook’s History of Tracking You, by Julia Angwin, ProPublica, on Facts and Opinions 
Online Tracking Increasingly Creepy
, by Julia Angwin, ProPublica, on Facts and Opinions  
Privacy Tools: Encrypt What You Can by Julia Angwin, ProPublica, on Facts and Opinions 
Privacy Tools: Mask Your Location
, by Julia Angwin, ProPublica, on Facts and Opinions 
What Edward Snowden said to European Parliamentarians
, by Deborah Jones, on Facts and Opinions

 

Please support professional journalism at Facts and OpinionsUse the subscribe form sign up for email notices from our free Frontlines, where we post small stories and announce new work.  For $2.95 (the price of a cheap brew) you can subscribe to F&O for a month. If that breaks your budget, a one-day pass is $1Independent, non-partisan and employee-owned, F&O performs journalism for citizens, funded entirely by readers. We do not carry advertising or solicit donations from foundations or causes.

Posted in Current Affairs Also tagged , , , |

It’s Complicated: Facebook’s History of Tracking You

by Julia Angwin, ProPublica

 

For years people have noticed a funny thing about Facebook’s ubiquitous Like button. It has been sending data to Facebook tracking the sites you visit. Each time details of the tracking were revealed, Facebook promised that it wasn’t using the data for any commercial purposes.

Facebook_on_Nasdaq

Billboard on the Thomson Reuters building welcomes Facebook to Nasdaq, 2012. Photo by ProducerMatthew, Creative Commons licence

No longer. Last week, Facebook announced it will start using its Like button and similar tools to track people across the Internet for advertising purposes.

Here is the long history of the revelations and Facebook’s denials:

Facebook’s Mark Zuckerberg introduces the “transformative” Like button …

April 21, 2010 2013 Facebook introduces the “Like” button in 2010 at its F8 developer conference. Facebook founder Mark Zuckerberg declares that it will be “the most transformative thing we’ve ever done for the Web.”

He says his goal is to encourage a Web where all products and services use people’s real identity. He suggests, in fact, that creating a personally identifiable web experience could be divine: “When you go to heaven, all of your friends are all there and everything is just the way you want it to be,” he says. “Together, lets build a world that is that good.” 

Which sends data …

Nov. 30, 2010 2013 Dutch researcher Arnold Roosendaalpublishes a paper showing that Facebook Like buttons transmit data about users even when the user doesn’t click on the button. Facebook later says that Roosendaal found a “bug.”

even when users don’t click on it … 

May 18, 2011 – The Wall Street Journal reports that Facebook Like buttons and other widgets collect data about users even when they don’t click them. Facebook’s chief technology officer says, “we don’t use them for tracking and they’re not intended for tracking.”

Internet pioneer says log out of Facebook …

Sept. 24, 2011 2013 Veteran tech blogger Dave Winer writes that ” Facebook is scaring me” with its apps like the social reader, which can automatically share stories you read. This “kind of behavior deserves a bad name, like phishing, or spam, or cyber-stalking,” he writes. Winer recommends that users log out of Facebook to prevent being tracked on other websites.

Except logging out doesn’t work …

Sept. 25, 2011 2013 Australian blogger Nik Cubrilovic writes that ” Logging Out of Facebook is Not Enough.” He shows that Facebook is tracking users even when they log out of the site. Facebook responds that it is fixing the issue so people won’t be tracked when they are logged out of Facebook.

Facebook says not to worry…

Sept. 27, 2011 2013 Facebook tells the New York Times that it doesn’t use data from Like buttons and other widgets to track users or target advertising to them, and that it deletes or anonymizes the data within 90 days.

Turns out Facebook has patented the technique …

Oct. 1, 2011 2013 Blogger Michael Arrington digs up a Facebook patent application for “a method 2026 for tracking information about the activities of users of a social networking system while on another domain.” The title of his blog post: ” Brutal Dishonesty.

But, really, don’t worry …

Dec. 7, 2012 2013 As the Wall Street Journal finds that Facebook Like buttons and other widgets appear on two-thirds of 900 websites surveyed, the company says again it only uses data from unclicked Like buttons for security purposes and to fix bugs in its software.

OK, worry …

June 12, 2014 2013 Facebook tells Ad Age that it will start tracking users across the Internet using its widgets such as the Like button.

It’s a bold move. Twitter and Pinterest, which track people with their Tweet and PinIt buttons, offer users the ability to opt out. And Google has pledged it will not combine data from its ad-tracking network DoubleClick with personally identifiable data without user’s opt-in consent. Facebook does not offer an opt-out in its privacy settings.

Instead Facebook asks members to visit an ad industry page, where they can opt out from targeted advertising from Facebook and other companies. The company also says it will let people view and adjust the types of ads they see.

We contacted Facebook to ask them about their tracking habits. They didn’t respond.

Read our recent story about how online tracking is getting creepier, and a piece from our archives rounding up the best reporting on Facebook and your privacy.

Creative Commons

Independent, non-partisan and employee-owned, F&O performs journalism for citizens, funded entirely by subscribers and readers who purchase a $1 site day pass. We do not carry advertising or solicit donations from non-journalism foundations or causes.

Posted in Current Affairs Also tagged , |

Online Tracking Increasingly Creepy

 

by Julia Angwin, ProPublica

The marketers that follow you around the web are getting nosier.

Currently, many companies track where users go on the Web — often through cookies — in order to display customized ads. That’s why if you look at a pair of shoes on one site, ads for those shoes may follow you around the Web.

But online marketers are increasingly seeking to track users offline, as well, by collecting data about people’s offline habits — such as recent purchases, where you live, how many kids you have, and what kind of car you drive.

Here’s how it works, according to some revealing marketing literature we came across from digital marketing firm LiveRamp:

  • A retailer — let’s call it The Pricey Store — collects the e-mail addresses of its high-spending customers. (Ever wonder why stores keep bugging you for your email at the checkout counter these days?)
  • The Pricey Store brings the list to LiveRamp, which locates the customers online when the customers use their email address to log into a website that has a relationship with LiveRamp. (The identity of these websites is a closely guarded secret.) The website that has a relationship with LiveRamp then allows LiveRamp to “tag” the customers’ computer with a tracker.
  • When those high-spending customers arrive at PriceyStore.com, they see a version of the site customized to “show more expensive offerings to them.” (Yes, the marketing documents really say that.)

Tracking people using their real names — often called “on boarding” — is a hot trend in Silicon Valley. In 2012, ProPublica documented how political campaigns used onboarding to bombard voters with ads based on their party affiliation and donor history. Since then, Twitter and Facebook have both started offering onboarding services allowing advertisers to find their customers online.

“The marriage of online and offline is the ad targeting of the last 10 years on steroids,” said Scott Howe, chief executive of broker firm Acxiom at a conference earlier this year.

Last month, Acxiom — one of the country’s largest data brokers, which claims to have 3,000 data points on nearly every U.S. consumer — agreed to pay $310 million to purchase onboarding specialist LiveRamp. Acxiom and LiveRamp declined to comment for this article, citing the need to remain quiet until the acquisition is complete.

Companies that match users online and offline identities generally emphasize that the data is still anonymous because users’ actual names aren’t included in the cookie.

But critics worry about the implications of allowing data brokers to profile every person who is connected to the Internet. In May, America’s Federal Trade Commission issued a report that found that data brokers collected information on sensitive categories such as whether an individual is pregnant, has a “diabetes interest,” is interested in a “Bible Lifestyle” or is “likely to seek a [credit-card] chargeback.”

Previously, data brokers primarily sold this data to marketers who sent direct mail — aka “junk mail” — to your home. Now, they have found a new market: online marketing that can be targeted as precisely as junk mail.

“Will these classifications mean that some consumers will only be shown advertisements for subprime loans while others will see ads for credit cards?” Federal Trade Commission Chairwoman Edith Ramirez said at a press conference. “Will some be routinely shunted to inferior customer service?”

The FTC has called for Congress to pass legislation requiring data brokers to allow consumers to access their information and to opt out of targeted marketing. Currently, many data brokers don’t offer people either one.

The Direct Marketing Association, which represents the data broker industry, doesn’t offer a specific opt-out for onboarding. It does offer a global opt-out from all of its members’ direct mail databases, but it only requires members to remove people’s data for three years after they opt-out.

Some companies offer their own opt-outs. Twitter allows users to opt out of onboarding by unchecking the “promoted content” button in their account settings. LiveRamp offers a so-called ” permanent opt-out” for users who do not want to be targeted via their e-mail address.

Facebook does not offer a specific opt-out for onboarding. Instead, it suggests users opt out of the data brokers themselves. A Facebook spokesman says that users who don’t like specific targeted ads can avoid seeing them again by clicking an ‘x’ on the top right corner of the ad and following the links to the advertisers’ opt-out page.

For more information about the market for your data read ProPublica’s guide to “Everything We Know About What Data Brokers Know About You” and learn how you can opt-out from data brokers.

Creative Commons

Independent, non-partisan and employee-owned, FactsandOpinions serves, and is funded by, readers. We do not carry advertising or solicit donations from foundations or causes. Our original work in Dispatches, Think and Photo-Essays is available for a $1 site day pass or at a modest subscription price. Use the SUBSCRIBE  form on our freeFrontlines blog to receive blog stories and notices of all new work on site.


Posted in Current Affairs Also tagged , , |