An eye in close-up superimposted by a screen of random numbers

‘You Have NO Privacy. Get Over It’

  |  October 16, 2012   |  Comments

Continued from

Often, though, the process is more straightforward, with companies simply sharing what they know - often information gleaned from registration processes.

For example, in 2011 Mayer and his Stanford research colleague John Mitchell discovered that online dating site OKCupid was sending information about how often subscribers admitted to drinking, smoking, and doing drugs to Lotame, an online data company that counts publishers Condé Nast and IDG among its customers.

But for Google, the Safari breach was not a one-off, as far as online privacy campaigners are concerned.

Google Buzz was a social network launched in February 2010 and unceremoniously buried 18 months later.

It integrated Picasa, Flickr, Google Latitude, Google Reader, Google Sidewiki, YouTube, Blogger, FriendFeed,, and Twitter, and made weak privacy settings the default. This included making public the names of Gmail contacts that the user most frequently emailed or chatted with.

Just a month after Buzz was buried, Google changed its company-wide privacy settings to enable it to unify the collection and storage of user data across the whole of its online estate. Today, user data is shared across all of Google's websites - including search, YouTube, Google+, everything - with no opt-out.

Mobile raises the stakes still further with Lotame, for example, boasting market data on 30 million Android device users, while Apple iOS users have been tracked thanks to the inclusion of the UDID unique tracking number in iOS.

Google, for example, knows every search made on an Android device via its search service - which accounts for more than 90 percent of the U.K. search market, according to Experian Hitwise - and every app download in its Google Play store, too.


Given the undercurrent of discontent with commercial tracking on the web, the tracking industry itself has devised a system of self-regulation with "Do Not Track," a supposedly universal web tracking opt-out.

Do Not Track signals a user's opt-out from web tracking with an HTTP header field that requests a web application to disable tracking. It is currently supported by Firefox, Safari, Internet Explorer, and Opera - but not Google Chrome - and is being standardized by the Worldwide Web Consortium (W3C).

However, when Mayer investigated whether web tracking companies were honoring Do Not Track, he found that more than half were simply ignoring it.

The privacy features built into all major web browsers is no solution either. Introduced when Apple Safari debuted "private browsing" in April 2005, these enable users to browse without their history being stored locally. But they don't stop users being tracked by advertisers and marketers when they visit websites in exactly the same way that they would in a normal session.

Cookies may be deleted at the end of the private browsing session, but the user is still identifiable by their IP address.

Anonymous proxy servers are also widely used, not for the purpose of privacy, but to enable staff to skirt corporate web blocks - because the user is connecting to the proxy and not the banned website - and for people to view content restricted to people in a certain geographic location. They are popular, for example, to enable people outside the U.K. to watch programs on the BBC iPlayer.

However, while the basic service is free, users have to pay a subscription for unlimited access, connections via faster servers, and - surprise, surprise - no advertising.

An increasingly popular application, though, is the Tor web browser, a freely downloadable tool designed to facilitate anonymous, untrackable web browsing.

Tor works by using a system of "onion routing" (its original name was "The Onion Router"). Properly configured, it provides an encrypted connection to other nodes in the Tor network through which online sessions are conducted.

As the data is transferred through the network, it is encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination.

However, that last hop from the final node to the destination server has to be unencrypted, opening up a key weakness of the system.

Dan Egerstad, a Swedish security researcher, ran five Tor nodes. Sniffing exit data traffic from these nodes, he was able to uncover server IP addresses, email accounts, and their passwords for sensitive data from - in particular - developing countries' embassies, the U.K. Visa Application Centre in Nepal, and more than 1,000 corporate accounts.

"Because anyone can join the Tor network, Tor users necessarily pass their traffic to organisations they might not trust: various intelligence agencies, hacker groups, criminal organisations and so on," said security expert Bruce Schneier, at the time the flaw was uncovered by Egerstad in 2007.

Some people conjecture that it was deliberately architected to be insecure by design. It was, after all, established in 2002 having been originally sponsored by the U.S. Naval Research Laboratory, and continues to be supported by the U.S. State Department. At the same time, Tor is also a haven for all kinds of very illegal activities.

Cynics have argued that state agencies - normally U.S.-based - are almost certainly crawling all over Tor, only tolerating its worst excesses to provide a cover for their own nefarious activities - while using its shortcomings to gather the intelligence they want from people seeking Tor's supposed anonymity.

It does, though, perhaps illustrate that while the activities of Google and many other over-eager online marketing companies are irritating, it is various governments' own online surveillance efforts that ought to be feared.


This article was originally published on

ClickZ Live Chicago Join the Industry's Leading eCommerce & Direct Marketing Experts in Chicago
ClickZ Live Chicago (Nov 3-6) will deliver over 50 sessions across 4 days and 10 individual tracks, including Data-Driven Marketing, Social, Mobile, Display, Search and Email. Check out the full agenda and register by Friday, August 29 to take advantage of Super Saver Rates!


Graeme Burton is Chief Reporter at Computing.

He has 15 years of experience in news and magazine journalism, and has edited such titles as Trade & Forfaiting Review, Inside Knowledge and Managing Information & Documents.

COMMENTSCommenting policy

comments powered by Disqus

Get the ClickZ Analytics newsletter delivered to you. Subscribe today!



Featured White Papers

BigDoor: The Marketers Guide to Customer Loyalty

The Marketer's Guide to Customer Loyalty
Customer loyalty is imperative to success, but fostering and maintaining loyalty takes a lot of work. This guide is here to help marketers build, execute, and maintain a successful loyalty initiative.

Marin Software: The Multiplier Effect of Integrating Search & Social Advertising

The Multiplier Effect of Integrating Search & Social Advertising
Latest research reveals 68% higher revenue per conversion for marketers who integrate their search & social advertising. In addition to the research results, this whitepaper also outlines 5 strategies and 15 tactics you can use to better integrate your search and social campaigns.


    • Sales Planner
      Sales Planner (Verve ) - New YorkAbout Verve   Verve is the leader in location powered mobile advertising. We manage one of the largest mobile...
    • Systems Analyst/Support
      Systems Analyst/Support (Agora Inc. ) - BaltimoreIRIS (Increased Revenue Intuitive Software ) is proprietary software that helps marketers...
    • Client Services Support Specialist
      Client Services Support Specialist (Agora Inc. ) - Delray Beach OVERVIEW:  This position requires a highly motivated and resourceful individual...