
‘You Have NO Privacy. Get Over It’

October 16, 2012

Continued from

Often, though, the process is more straightforward, with companies simply sharing what they know - often information gleaned from registration processes.

For example, in 2011 Mayer and his Stanford research colleague John Mitchell discovered that online dating site OKCupid was sending information about how often subscribers admitted to drinking, smoking, and doing drugs to Lotame, an online data company that counts publishers Condé Nast and IDG among its customers.

But for Google, the Safari breach was not a one-off, as far as online privacy campaigners are concerned.

Google Buzz was a social network launched in February 2010 and unceremoniously buried 18 months later.

It integrated Picasa, Flickr, Google Latitude, Google Reader, Google Sidewiki, YouTube, Blogger, FriendFeed, and Twitter, and made weak privacy settings the default. This included making public the names of Gmail contacts that the user most frequently emailed or chatted with.

Just a month after Buzz was buried, Google changed its company-wide privacy settings to enable it to unify the collection and storage of user data across the whole of its online estate. Today, user data is shared across all of Google's websites - including search, YouTube, Google+, everything - with no opt-out.

Mobile raises the stakes still further, with Lotame, for example, boasting market data on 30 million Android device users, while Apple iOS users have been tracked thanks to the inclusion of the UDID unique tracking number in iOS.

Google, for example, knows every search made on an Android device via its search service - which accounts for more than 90 percent of the U.K. search market, according to Experian Hitwise - and every app download in its Google Play store, too.


Given the undercurrent of discontent with commercial tracking on the web, the tracking industry itself has devised a system of self-regulation with "Do Not Track," a supposedly universal web tracking opt-out.

Do Not Track signals a user's opt-out from web tracking with an HTTP header field that requests a web application to disable tracking. It is currently supported by Firefox, Safari, Internet Explorer, and Opera - but not Google Chrome - and is being standardized by the World Wide Web Consortium (W3C).

However, when Mayer investigated whether web tracking companies were honoring Do Not Track, he found that more than half were simply ignoring it.
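One way to check whether a site honors the header is to send requests carrying `DNT: 1` and look at what comes back. The sketch below is an added example, not part of the original article and not Mayer's methodology: the hosts and cookie values are constructed, and the "looks like an identifier" thresholds are assumptions.

```javascript
// Added illustration: flag responses that still set a persistent, unique-looking
// cookie although the request carried "DNT: 1". The thresholds are assumptions.
const ONE_DAY = 86400; // seconds

// Parse one Set-Cookie header value into name, value and lifetime in seconds.
function parseSetCookie(line, now = Date.now()) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), lifetime: 0 };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    if (k.toLowerCase() === 'max-age') cookie.lifetime = Number(v);
    if (k.toLowerCase() === 'expires' && !cookie.lifetime) {
      cookie.lifetime = Math.max(0, (Date.parse(v) - now) / 1000);
    }
  }
  return cookie;
}

// A long-lived cookie with a long, varied value is treated as a user identifier.
function looksLikeIdentifier(cookie) {
  return cookie.lifetime > ONE_DAY && cookie.value.length >= 16 &&
    new Set(cookie.value).size >= 8;
}

// Return hosts that received DNT: 1 and still answered with an identifier cookie.
function hostsIgnoringDnt(observations) {
  return observations
    .filter((o) => o.requestHeaders.dnt === '1')
    .filter((o) => o.setCookie.map((c) => parseSetCookie(c)).some(looksLikeIdentifier))
    .map((o) => o.host);
}

// Constructed sample observations (hosts and cookie values are made up).
const observations = [
  { host: 'tracker-a.example', requestHeaders: { dnt: '1' },
    setCookie: ['uid=9f3c2a7e51b84d06a1c7; Max-Age=31536000; Path=/'] },
  { host: 'tracker-b.example', requestHeaders: { dnt: '1' },
    setCookie: ['optout=1; Max-Age=157680000; Path=/'] },
  { host: 'tracker-c.example', requestHeaders: { dnt: '1' },
    setCookie: ['sess=4be17c09d2a6f385; Path=/'] },
  { host: 'tracker-d.example', requestHeaders: {},
    setCookie: ['uid=0d5e8b31f7a24c96e2b0; Max-Age=31536000'] },
];
```

Only the first host is flagged: the second sets a generic opt-out marker, the third a session cookie, and the fourth never received the header.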

The privacy features built into all major web browsers are no solution either. Introduced when Apple Safari debuted "private browsing" in April 2005, these enable users to browse without their history being stored locally. But they don't stop users being tracked by advertisers and marketers when they visit websites in exactly the same way that they would in a normal session.

Cookies may be deleted at the end of the private browsing session, but the user is still identifiable by their IP address.

Anonymous proxy servers are also widely used, not for the purpose of privacy, but to enable staff to skirt corporate web blocks - because the user is connecting to the proxy and not the banned website - and for people to view content restricted to people in a certain geographic location. They are popular, for example, to enable people outside the U.K. to watch programs on the BBC iPlayer.

However, while the basic service is free, users have to pay a subscription for unlimited access, connections via faster servers, and - surprise, surprise - no advertising.

An increasingly popular application, though, is the Tor web browser, a freely downloadable tool designed to facilitate anonymous, untrackable web browsing.

Tor works by using a system of "onion routing" (its original name was "The Onion Router"). Properly configured, it provides an encrypted connection to other nodes in the Tor network through which online sessions are conducted.

As the data is transferred through the network, it is encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination.

However, that last hop from the final node to the destination server has to be unencrypted, opening up a key weakness of the system.

Dan Egerstad, a Swedish security researcher, ran five Tor nodes. Sniffing exit data traffic from these nodes, he was able to uncover server IP addresses, email accounts, and their passwords for sensitive data from - in particular - developing countries' embassies, the U.K. Visa Application Centre in Nepal, and more than 1,000 corporate accounts.
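The layering, and what the last relay ends up holding, can be shown in a few lines. This is an added example, not part of the original article and not Tor's actual protocol: AES-256-GCM with one key per relay stands in for Tor's circuit cryptography, and the relay keys and login string are constructed.

```javascript
// Added illustration of layered ("onion") encryption; not Tor's real protocol.
const crypto = require('crypto');

// Encrypt `data` under `key`; output is iv || auth tag || ciphertext.
function seal(key, data) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(data), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

// Reverse of seal(); throws if the key is wrong or the data was altered.
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// The client wraps the payload once per relay; the exit's layer is innermost.
function buildOnion(relayKeys, payload) {
  return relayKeys.reduceRight((inner, key) => seal(key, inner), payload);
}

// Each relay removes exactly one layer; returns what every relay passes on.
function route(relayKeys, onion) {
  const forwarded = [];
  let cell = onion;
  for (const key of relayKeys) {
    cell = unseal(key, cell);
    forwarded.push(cell);
  }
  return forwarded;
}

// True if the data leaving the last relay contains the readable password field.
function exitSeesCredentials(hops) {
  return hops[hops.length - 1].includes('PASS');
}

// Constructed sample data: three relay keys and a made-up login request.
const keys = [0, 1, 2].map(() => crypto.randomBytes(32));
const login = Buffer.from('USER alice PASS constructed-example');

// Case 1: plaintext protocol, so the exit relay forwards readable credentials.
const plainHops = route(keys, buildOnion(keys, login));
// Case 2: an end-to-end key (standing in for TLS) hides the payload from the exit.
const e2eKey = crypto.randomBytes(32);
const e2eHops = route(keys, buildOnion(keys, seal(e2eKey, login)));
```

In the first case the exit relay holds the login in the clear, which is the exposure Egerstad's nodes recorded; in the second it holds only ciphertext that the destination alone can open.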

"Because anyone can join the Tor network, Tor users necessarily pass their traffic to organisations they might not trust: various intelligence agencies, hacker groups, criminal organisations and so on," said security expert Bruce Schneier, at the time the flaw was uncovered by Egerstad in 2007.

Some people conjecture that it was deliberately architected to be insecure by design. It was, after all, established in 2002 having been originally sponsored by the U.S. Naval Research Laboratory, and continues to be supported by the U.S. State Department. At the same time, Tor is also a haven for all kinds of very illegal activities.

Cynics have argued that state agencies - normally U.S.-based - are almost certainly crawling all over Tor, only tolerating its worst excesses to provide a cover for their own nefarious activities - while using its shortcomings to gather the intelligence they want from people seeking Tor's supposed anonymity.

It does, though, perhaps illustrate that while the activities of Google and many other over-eager online marketing companies are irritating, it is various governments' own online surveillance efforts that ought to be feared.


This article was originally published on


Graeme Burton is Chief Reporter at Computing.

He has 15 years of experience in news and magazine journalism, and has edited such titles as Trade & Forfaiting Review, Inside Knowledge and Managing Information & Documents.
