An eye in close-up superimposted by a screen of random numbers

‘You Have NO Privacy. Get Over It’

  |  October 16, 2012   |  Comments

Continued from

Often, though, the process is more straightforward, with companies simply sharing what they know - often information gleaned from registration processes.

For example, in 2011 Mayer and his Stanford research colleague John Mitchell discovered that online dating site OKCupid was sending information about how often subscribers admitted to drinking, smoking, and doing drugs to Lotame, an online data company that counts publishers Condé Nast and IDG among its customers.

But for Google, the Safari breach was not a one-off, as far as online privacy campaigners are concerned.

Google Buzz was a social network launched in February 2010 and unceremoniously buried 18 months later.

It integrated Picasa, Flickr, Google Latitude, Google Reader, Google Sidewiki, YouTube, Blogger, FriendFeed,, and Twitter, and made weak privacy settings the default. This included making public the names of Gmail contacts that the user most frequently emailed or chatted with.

Just a month after Buzz was buried, Google changed its company-wide privacy settings to enable it to unify the collection and storage of user data across the whole of its online estate. Today, user data is shared across all of Google's websites - including search, YouTube, Google+, everything - with no opt-out.

Mobile raises the stakes still further with Lotame, for example, boasting market data on 30 million Android device users, while Apple iOS users have been tracked thanks to the inclusion of the UDID unique tracking number in iOS.

Google, for example, knows every search made on an Android device via its search service - which accounts for more than 90 percent of the U.K. search market, according to Experian Hitwise - and every app download in its Google Play store, too.


Given the undercurrent of discontent with commercial tracking on the web, the tracking industry itself has devised a system of self-regulation with "Do Not Track," a supposedly universal web tracking opt-out.

Do Not Track signals a user's opt-out from web tracking with an HTTP header field that requests a web application to disable tracking. It is currently supported by Firefox, Safari, Internet Explorer, and Opera - but not Google Chrome - and is being standardized by the Worldwide Web Consortium (W3C).

However, when Mayer investigated whether web tracking companies were honoring Do Not Track, he found that more than half were simply ignoring it.

The privacy features built into all major web browsers is no solution either. Introduced when Apple Safari debuted "private browsing" in April 2005, these enable users to browse without their history being stored locally. But they don't stop users being tracked by advertisers and marketers when they visit websites in exactly the same way that they would in a normal session.

Cookies may be deleted at the end of the private browsing session, but the user is still identifiable by their IP address.

Anonymous proxy servers are also widely used, not for the purpose of privacy, but to enable staff to skirt corporate web blocks - because the user is connecting to the proxy and not the banned website - and for people to view content restricted to people in a certain geographic location. They are popular, for example, to enable people outside the U.K. to watch programs on the BBC iPlayer.

However, while the basic service is free, users have to pay a subscription for unlimited access, connections via faster servers, and - surprise, surprise - no advertising.

An increasingly popular application, though, is the Tor web browser, a freely downloadable tool designed to facilitate anonymous, untrackable web browsing.

Tor works by using a system of "onion routing" (its original name was "The Onion Router"). Properly configured, it provides an encrypted connection to other nodes in the Tor network through which online sessions are conducted.

As the data is transferred through the network, it is encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination.

However, that last hop from the final node to the destination server has to be unencrypted, opening up a key weakness of the system.

Dan Egerstad, a Swedish security researcher, ran five Tor nodes. Sniffing exit data traffic from these nodes, he was able to uncover server IP addresses, email accounts, and their passwords for sensitive data from - in particular - developing countries' embassies, the U.K. Visa Application Centre in Nepal, and more than 1,000 corporate accounts.

"Because anyone can join the Tor network, Tor users necessarily pass their traffic to organisations they might not trust: various intelligence agencies, hacker groups, criminal organisations and so on," said security expert Bruce Schneier, at the time the flaw was uncovered by Egerstad in 2007.

Some people conjecture that it was deliberately architected to be insecure by design. It was, after all, established in 2002 having been originally sponsored by the U.S. Naval Research Laboratory, and continues to be supported by the U.S. State Department. At the same time, Tor is also a haven for all kinds of very illegal activities.

Cynics have argued that state agencies - normally U.S.-based - are almost certainly crawling all over Tor, only tolerating its worst excesses to provide a cover for their own nefarious activities - while using its shortcomings to gather the intelligence they want from people seeking Tor's supposed anonymity.

It does, though, perhaps illustrate that while the activities of Google and many other over-eager online marketing companies are irritating, it is various governments' own online surveillance efforts that ought to be feared.


This article was originally published on

ClickZ Live Toronto Twitter Canada MD Kirstine Stewart to Keynote Toronto
ClickZ Live Toronto (May 14-16) is a new event addressing the rapidly changing landscape that digital marketers face. The agenda focuses on customer engagement and attaining maximum ROI through online marketing efforts across paid, owned & earned media. Register now and save!


Graeme Burton is Chief Reporter at Computing.

He has 15 years of experience in news and magazine journalism, and has edited such titles as Trade & Forfaiting Review, Inside Knowledge and Managing Information & Documents.

COMMENTSCommenting policy

comments powered by Disqus

Get the ClickZ Analytics newsletter delivered to you. Subscribe today!



Featured White Papers

ion Interactive Marketing Apps for Landing Pages White Paper

Marketing Apps for Landing Pages White Paper
Marketing apps can elevate a formulaic landing page into a highly interactive user experience. Learn how to turn your static content into exciting marketing apps.

eMarketer: Redefining Mobile-Only Users: Millions Selectively Avoid the Desktop

Redefining 'Mobile-Only' Users: Millions Selectively Avoid the Desktop
A new breed of selective mobile-only consumers has emerged. What are the demos of these users and how and where can marketers reach them?


    • Contact Center Professional
      Contact Center Professional (TCC: The Contact Center) - Hunt ValleyLooking to join a workforce that prides themselves on being routine and keeping...
    • Recruitment and Team Building Ambassador
      Recruitment and Team Building Ambassador (Agora Inc.) - BaltimoreAgora,, continues to expand! In order to meet the needs of our...
    • Design and Publishing Specialist
      Design and Publishing Specialist (Bonner and Partners) - BaltimoreIf you’re a hungry self-starter, creative, organized and have an extreme...