Am I being stalked online?

Every site you surf, every click you make is being recorded - the details of your online activities are captured in detail by a range of organizations. Most people remain unaware of what is being tracked and the potential risks to their privacy.

Who is tracking me?

As you surf, each webpage you view is passed to your Internet Service Provider (ISP) as a request to view the content on that page - your ISP is aware of what you are doing, but as a rule, ISPs do not collect this information. Your own browser will keep record of the sites you visit, but this is quite secure and will remain on your own machine until you choose to delete it.

There are however three groups of organizations that legitimately track your online movements: Web Analytics Providers, Web Application Providers and Social Tracking Services.

Web Analytics Providers

Companies such as Hitwise, Omniture, NebuAd and NetIQ collect data directly from your ISP or from the sites that you visit.

Hitwise maintain that they do not track individual users, rather they aggregate the data across a large population of users over a wide geographical spread and using it to report back on web usage.

Omniture technology is based on cookies installed on your machine reporting back on your activities. If you look through your cookies you may see some that are labeled 2o7.net and are set by Omniture clients allowing them to analyze user behavior.

Web Application Providers

The third group perform various levels of tracking, to improve the services that they provide to you and to find out more about you to be able to target you for advertising. Privacy International has created a ranking of those sites in a report. A notable risk to online privacy is Google, closely followed by AOL, Apple, Facebook, Hi5, Reunion.com, Windows Livespace and Yahoo. The report details the types of information that each of these sites capture, periods of retention and degree of individual control over that information.

Social Tracking Services

Sites and tools are now emerging where you allow yourself to be tracked voluntarily: Wakoopa – tracks software you have been running; Last.fm – tracks the MP3s that you play; Me.diu,m; and Cluztr and Attentiontrust track the sites that you visit and pass the data on to other sites that you subscribe to.

Why are they tracking me?

The science of tracking online behavior has advanced considerably over the past few years as business models become dependent upon online attention and purchasing.

  • Website improvements: Website owners use site traffic information to improve the design, navigation and content of their websites.
  • Personalization: Online merchants and content providers try to get a better understanding of your personal preferences and habits to tailor sites to your needs.
  • Targeted Advertising: Content owners who place advertisements on webpages try to get a better understanding of your interests, preferences and the types of things you search for to improve the relevance of the advertisements
  • Demographic / Psychographic profiling: Marketers and merchants who wish to reach you construct detailed profiles that allow them to better target you. Information is used to upsell, bundle and make recommendations of products and services that you may take. Google has recently filed a patent for a technique that monitors the players of online games to determine their preferences and personality types to improve it’s targeted advertising.

Is it risky for me?

The types of information that are being captured include: your IP address and geographical location, zip code, your search terms and the results that you click on, your purchases, names, email addresses, age, gender, interests, occupation, photographs, instant messaging conversations, email texts, music listened to, videos viewed. In many cases the information captured directly from a user is augmented with information purchased from data vendors such as the credit scoring agencies.

This list may be a cause for alarm, however, no single organization has all of this information and its fragmentation will afford you a certain amount of protection. While organizations do not share this information, you will be safe, however this situation is slowly changing.

  • Government agencies are combining data from multiple sources in a surveillance to combat terrorist and criminal activity. The Information Fusion Centers project has an objective to create a ''revolutionary technology for ultra-large all-source information repositories" and the program is currently underway in multiple US states.

    Even certain universities have been Even certain universities have been reported to be trading student data.

  • Data Sales and Sharing is an industry in its own right. Companies such as Choicepoint, Experian and Equifax all profit directly from the sale of personal information for employment or credit verification. Additionally other organizations are indirectly sharing information with trading partners and advertisers and are doing so without your explicit permission.
  • Data Compromises are on the increase, a well documented history of data compromises has been compiled by Attrition.org documenting leaks, sales and thefts of sensitive information about individuals.
  • Hackers are able to use common but powerful tools such as the Google search engine to discover files containing sensitive information such as account login details, passwords and credit card numbers. All the more reason why you should be careful which sites you give up your information to.

What can I do?

Given all of the potential holes in the system, ensuring your online privacy is tricky, however there are steps that you can take. Sound advice on Lifehacker and SearchEngineWatch includes the following simple tips:

  • When you sign up for online services, only provide mandatory information
  • Use a variety of search engines as you search
  • Don’t sign-in to search engines when you are searching
  • Delete your cookies, once a week is a good interval
  • Reset your IP address by turning off your router periodically
  • Use a proxy to perform all your web browsing that you want to remain private
  • For $10 per month you can use the xB Browser for secure browsing

Bibliography

  1. Stalking 2.0: The Websites that Track Your Every Move (Voluntarily!)
  2. Tor Torches Online Tracking by Kim Zetter for Wired Magazine (May 17, 2005)
  3. Should Web Search Data Be Stored?, published in the The Wall Street Journal Online.
  4. Management statement from Hitwise regarding the findings of PricewaterhouseCoopers Data Integrity and Privacy Audit Report
  5. An invisible abomination by Scott Bradner published in NetworkWorld (July 2, 2007)
  6. A Race to the Bottom: Privacy Ranking of Internet Service Companies (September 9, 2007)
  7. Interim Rankings report from Privacy International
  8. 1.0 2o7.net Third Party Tracking Cookies at P3PWriter
  9. Information Fusion Centers and Privacy
  10. Alumni Associations And Public Universities Profit By Selling Student Data To Bank Of America published on the Consumerist.com
  11. Subpoenas and Your Privacyby the Electronic Frontier Foundation (February 2006)
  12. Hacking With The Google Search Engine written on Defending the Net
  13. Demystifying Google Hacks - a paper written by Debasis Mohanty at HackingSpirits
  14. Google may use games to analyse net users by David Adam and Bobbie Johnson published in The Guardian (May 12, 2007)
  15. Global privacy standards needed by Eric Schmidt in the Financial Times
  16. Search Google anonymously
  17. Protecting Your Search Privacy: A Flowchart To Tracks You Leave Behind by Danny Sullivan of SearchEngineWatch (January 23, 2006)
  18. Technophilia: Protect your web searches by Wendy Boswell at Lifehacker

Add to Technorati Favorites

Digg!