An eye in close-up superimposted by a screen of random numbers

‘You Have NO Privacy. Get Over It’

  |  October 16, 2012   |  Comments

Continued from

Often, though, the process is more straightforward, with companies simply sharing what they know - often information gleaned from registration processes.

For example, in 2011 Mayer and his Stanford research colleague John Mitchell discovered that online dating site OKCupid was sending information about how often subscribers admitted to drinking, smoking, and doing drugs to Lotame, an online data company that counts publishers Condé Nast and IDG among its customers.

But for Google, the Safari breach was not a one-off, as far as online privacy campaigners are concerned.

Google Buzz was a social network launched in February 2010 and unceremoniously buried 18 months later.

It integrated Picasa, Flickr, Google Latitude, Google Reader, Google Sidewiki, YouTube, Blogger, FriendFeed, identi.ca, and Twitter, and made weak privacy settings the default. This included making public the names of Gmail contacts that the user most frequently emailed or chatted with.

Just a month after Buzz was buried, Google changed its company-wide privacy settings to enable it to unify the collection and storage of user data across the whole of its online estate. Today, user data is shared across all of Google's websites - including search, YouTube, Google+, everything - with no opt-out.

Mobile raises the stakes still further with Lotame, for example, boasting market data on 30 million Android device users, while Apple iOS users have been tracked thanks to the inclusion of the UDID unique tracking number in iOS.

Google, for example, knows every search made on an Android device via its search service - which accounts for more than 90 percent of the U.K. search market, according to Experian Hitwise - and every app download in its Google Play store, too.

Self-Protection

Given the undercurrent of discontent with commercial tracking on the web, the tracking industry itself has devised a system of self-regulation with "Do Not Track," a supposedly universal web tracking opt-out.

Do Not Track signals a user's opt-out from web tracking with an HTTP header field that requests a web application to disable tracking. It is currently supported by Firefox, Safari, Internet Explorer, and Opera - but not Google Chrome - and is being standardized by the Worldwide Web Consortium (W3C).

However, when Mayer investigated whether web tracking companies were honoring Do Not Track, he found that more than half were simply ignoring it.

The privacy features built into all major web browsers is no solution either. Introduced when Apple Safari debuted "private browsing" in April 2005, these enable users to browse without their history being stored locally. But they don't stop users being tracked by advertisers and marketers when they visit websites in exactly the same way that they would in a normal session.

Cookies may be deleted at the end of the private browsing session, but the user is still identifiable by their IP address.

Anonymous proxy servers are also widely used, not for the purpose of privacy, but to enable staff to skirt corporate web blocks - because the user is connecting to the proxy and not the banned website - and for people to view content restricted to people in a certain geographic location. They are popular, for example, to enable people outside the U.K. to watch programs on the BBC iPlayer.

However, while the basic service is free, users have to pay a subscription for unlimited access, connections via faster servers, and - surprise, surprise - no advertising.

An increasingly popular application, though, is the Tor web browser, a freely downloadable tool designed to facilitate anonymous, untrackable web browsing.

Tor works by using a system of "onion routing" (its original name was "The Onion Router"). Properly configured, it provides an encrypted connection to other nodes in the Tor network through which online sessions are conducted.

As the data is transferred through the network, it is encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination.

However, that last hop from the final node to the destination server has to be unencrypted, opening up a key weakness of the system.

Dan Egerstad, a Swedish security researcher, ran five Tor nodes. Sniffing exit data traffic from these nodes, he was able to uncover server IP addresses, email accounts, and their passwords for sensitive data from - in particular - developing countries' embassies, the U.K. Visa Application Centre in Nepal, and more than 1,000 corporate accounts.

"Because anyone can join the Tor network, Tor users necessarily pass their traffic to organisations they might not trust: various intelligence agencies, hacker groups, criminal organisations and so on," said security expert Bruce Schneier, at the time the flaw was uncovered by Egerstad in 2007.

Some people conjecture that it was deliberately architected to be insecure by design. It was, after all, established in 2002 having been originally sponsored by the U.S. Naval Research Laboratory, and continues to be supported by the U.S. State Department. At the same time, Tor is also a haven for all kinds of very illegal activities.

Cynics have argued that state agencies - normally U.S.-based - are almost certainly crawling all over Tor, only tolerating its worst excesses to provide a cover for their own nefarious activities - while using its shortcomings to gather the intelligence they want from people seeking Tor's supposed anonymity.

It does, though, perhaps illustrate that while the activities of Google and many other over-eager online marketing companies are irritating, it is various governments' own online surveillance efforts that ought to be feared.

Page:

This article was originally published on http://www.computing.co.uk/ctg/feature/2214593/-you-have-no-privacy-get-over-it.

ClickZ Live Toronto On the heels of a fantastic event in New York City, ClickZ Live is taking the fun and learning to Toronto, June 23-25. With over 15 years' experience delivering industry-leading events, ClickZ Live offers an action-packed, educationally-focused agenda covering all aspects of digital marketing. Early Bird Rates expire May 29. Register today and save!

ABOUT THE AUTHOR

Graeme Burton is Chief Reporter at Computing.

He has 15 years of experience in news and magazine journalism, and has edited such titles as Trade & Forfaiting Review, Inside Knowledge and Managing Information & Documents.

COMMENTSCommenting policy

comments powered by Disqus

Get the ClickZ Analytics newsletter delivered to you. Subscribe today!

COMMENTS

UPCOMING EVENTS

Featured White Papers

Gartner Magic Quadrant for Digital Commerce

Gartner Magic Quadrant for Digital Commerce
This Magic Quadrant examines leading digital commerce platforms that enable organizations to build digital commerce sites. These commerce platforms facilitate purchasing transactions over the Web, and support the creation and continuing development of an online relationship with a consumer.

Paid Search in the Mobile Era

Paid Search in the Mobile Era
Google reports that paid search ads are currently driving 40+ million calls per month. Cost per click is increasing, paid search budgets are growing, and mobile continues to dominate. It's time to revamp old search strategies, reimagine stale best practices, and add new layers data to your analytics.

WEBINARS

Resources

Jobs

    • SEO Specialist
      SEO Specialist (HeBS Digital) - NEW YORK                             ...
    • GREAT Campaign Project Coordinator
      GREAT Campaign Project Coordinator (British Consulate-General, New York) - New YorkThe GREAT Britain Campaign is seeking an energetic and creative...
    • Paid Search Senior Account Manager
      Paid Search Senior Account Manager (Hanapin Marketing) - BloomingtonHanapin Marketing is hiring a strategic Paid Search Senior Account Manager...