Monday, December 6, 2010

Advertisers vs Privacy - How You Are Tracked And Tools To Protect

It's no secret that many websites leverage an advertising based funding model to derive revenue from viewers. But the game is getting much bigger than just showing advertisements. Now its all about customizing ads to the particular user viewing the site.  The company that can best profile a user can offer the most targeted ad and demand the highest payment for this service.

Unfortunately it is becoming increasingly difficult for a user to control what pieces of information are stored by sites they visit.   The dominant methods of profiling users in the past were tracking beacons and cookies that could be used to centrally record a user's activity across various websites. These could be used to build a pretty powerful picture of a user's habits and interests.

But advertisers ran into a problem. Sometimes people would clear their cookies - either for security reasons or to specifically stop this type of tracking.  No worries. The tracking companies are upping their game and are using flash cookies, local storage and any other storage tactic they can figure out.  These new techniques are mostly unknown to the average web users and survive through most normal cookie clearing efforts. (Read more about the evercookie research to get an idea of all the possible storage methods.)

Now, we have another company that is jumping in with an even better approach (better for ad companies that is). They wish to profile your device. From the article:
 Mr. Norris is building a "credit bureau for devices" in which every computer or cellphone will have a "reputation" based on its user's online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people's interests and activities.
I haven't seen the details, but I'm guessing this approach leverages the different pieces of information a browser sends when visiting a site - headers, screen resolution, language support, etc. In the end this can be quite a bit of different data.  A research project was released by the EFF to highlight this issue and it shows just how easy a site could uniquely identify a user based on his or her browser profile.  This profiling technique, combined with a beacon on multiple websites, creates an effective tracking method that is tricky for the average user to overcome.  Now the user has to figure out how to make his or her browser signature less unique to avoid being individually tracked by this new technique.

It's your choice what information you wish to share. Want to keep a tighter lock on your data when browsing? Here are some helpful tools:

Recommended For All:
  • Ghostery Plugin - Like Ad Blocker but for common tracker cookies and beacons
  • Ad Blocker - Ads can be dangerous, this blocks them all
  • Better Privacy Addon  - Allows you to delete those pesky flash cookies
  • Browser - Clear Private Data: Clear out most data that has been stored from websites
  • Clear Flash Cookies - You have to do this from a widget on Adobe's website
  • Private Browsing Mode - Note: This is not "anonymous" browsing. I only mention it because it separates out your cookies and makes sure they are cleared after each session. You could also just configure your browser to clear all cookies when closed.

Recommended For Those Willing To Work A Bit
  • Tor + TorButton - Does tons, you should read about the gains and limitations of this.
  • Request Policy Plugin - Granular control of all cross domain requests per page. Awesome plugin.

What's missing? What do you use?

-Michael Coates - @_mwc