August 21st, 2012 by Hide My IP
Tracking on 50 of the most-visited websites has had a dramatic rise since 2010. This increase is driven in part by the rise of online-advertising, according to a new study by data-management company Krux Digital Inc.
On an average visit, 56 instances of data collection are triggered, up from just 10 instances when Krux conducted its initial study in 2010.
The rise in the number of online companies collecting data about Web-surfing behavior is a testament to the power of the $31 billion online-advertising business. This industry increasingly relies on data about users’ Web surfing behavior to target customer specific advertising.
Krux conducted its survey by crawling up to 10 pages on each of the 50 most-visited sites. The study didn’t include sites that require a user to log in, and Krux didn’t identify the sites it surveyed.
Despite rising concerns about online privacy, the online industry’s data-collection efforts have expanded. One reason is the popularity of online auctions, where advertisers buy data about users’ Web browsing. It is estimated that such auctions, known as real-time bidding exchanges, contribute to 40% of online data collection.
In real-time bidding, as soon as a user visits a Web page, the visit is auctioned to the highest bidder, based on attributes such as the type of page visited or previous Web browsing by the user. The bidding is done automatically using computer algorithms. It is estimated that real-time bidding will constitute 18% of the online display-ad market this year, up from 13% last year.
To make the auctions successful, advertising companies are racing to put tracking technology on as many websites as they can. This tracking technology gives them user and Web-page data to sell in the auction.
Krux in its latest study found that more than 300 companies collected data about users, up from 167 companies in 2010. The latest figure easily topped the 131 companies that The Wall Street Journal identified in a 2010 survey of tracking on the 50 most-visited websites.
Krux also found that data collectors were piggybacking on each other more than half the time. For example, when a user visited a website that had code for one tracking technology, the data collection would call out to and trigger other tracking technologies that weren’t embedded on the site. As a result, websites often don’t know how much data are being collected about their users.
Frustrated by a flood of privacy violations, the Federal Trade Commission issued a strong call for commercial-data collectors to adopt better privacy practices and called for Congress to pass comprehensive privacy legislation.
In a 73-page report on privacy in the digital age, the FTC called on U.S. commercial data collectors to implement a “Do Not Track” button in Web browsers by the end of the year.
“Simply put, your computer is your property. No one has the right to put anything on your computer that you don’t want,” said Jon Leibowitz, chairman of the FTC.
The agency also, for the first time, turned its attention to offline data brokers. These brokers buy and sell names, addresses and other personal information. The FTC is calling on them to create a centralized website providing consumers with access to their data, and the right to see and make corrections to their information.
August 15th, 2012 by Hide My IP
Almost all of us navigate the Internet by using search engines. Search engines have (and use) the ability to track each one of your searches. They can record your IP address, the search terms you used, the time of your search, and other information.
Although it may not seem like you are giving very much information, when you browse the Internet you are relaying personal information to Web sites. Browsers are likely providing your IP address and information about which sites you have visited. As you navigate from website to website, numerous companies are using sophisticated methods to track and identify you.
Most major browsers now offer a “Private Browsing” tool to help increase your privacy. However, it has been found that “Private Browsing” may not remove all traces of online activity. Many popular browser extensions and plugins undermine the security of “Private Browsing”.
Major search engines have said they need to retain personal data, in part, to provide better services, to stop possible security threats, to keep search ranking results accurate and more. Major search engines often have retained this data for over a year, well beyond any time frame needed to address these concerns.
Remember, in today’s day and age it isn’t just “Buyer Beware”… It’s “Browser Beware”!
August 7th, 2012 by Hide My IP
It is a common practice to routinely buy sell or track your online data. Tracking cookies are the norm on popular websites; tech giants such as Google have a reputation for over collecting and mishandling online users’ personal data.
The Pew Internet & American Life Project found that 73 percent of users said they would not be OK with an online search engine keeping track of their queries even if the data provides personalized results in the future.
While this issue receives most of the attention, corporations and governments may keep an eye on you in other, less known ways.
Is the Government Building a File on You?
The idea that government agents are reading your email messages and listening to your phone calls sounds like a conspiracy theory, but it is possible. According to some former National Security Agency employees, turned whistleblowers, the government is building a dossier on practically every U.S. citizen, drawing on information from e-mails and phone calls.
You can’t opt out of this type of data collection, but you can hope that Congress doesn’t renew the FISA Amendments Act, which would renew a President Bush law that allows the government to collect large amounts of information from the “international communications” of American citizens. The Electronic Freedom Foundation is imploring citizens to write their members of Congress about the issue.
What kind of books do you read? EBooks Know.
In the digital age, your reading habits are an open book to companies like Amazon, Barnes & Noble, and Apple. As reported by the Wall Street Journal, eBook sellers can easily track reading data, like how long you spend reading, how far you get in a book, what text you search for, and what you read next. Not all companies are open about what they collect, but Barnes & Noble has confirmed that they are “in the earliest stages of deep analytics,” and use the data to determine which books to sell on its Nook eBook reader products. There’s no evidence that booksellers use reading data to share your habits with marketers or government agencies.
Wireless Carriers Do Sell User Info for Big Bucks
The wireless carriers have a knack for extracting more and more money out of their subscribers—or, it turns out, from their subscribers’ data. One lucrative gig involves retrieving users’ locations on behalf of law enforcement, in many cases without warrants. AT&T, just one of the participating carriers, reportedly received $8.2 million in 2011 for providing this service, so it works out pretty well for all involved—except those users who don’t want to be followed, that is.
That’s not the only example of wireless carriers profiting from user data. As reported last year, all four of the major wireless carriers use aggregated, anonymous customer data to target ads. Verizon even sells the collected data to third parties. The amount of data each carrier collects varies, but Sprint is the worst offender, using mobile Web browsing and app download history to help its clients target ads.
June 22nd, 2012 by Hide My IP
Recently Microsoft announced a change in how DNT (Do Not Track) will be implemented in Internet Explorer. In a new pre-release version of IE 10 Microsoft will automatically start sending a DNT header for the user so that they will not be tracked by third parties across the web.
We think it is absolutely great to see Microsoft put its full support into DNT. It is important to note that only a year ago Firefox was the only browser that supported DNT. This push on Microsoft’s part will move DNT more into the main stream and bring issues of user control and privacy into the light.
We are eagerly awaiting more information about Microsoft’s new DNT implementation. Such a big name taking this on should mean a lot towards setting standards in regards to DNT. At the core of DNT, and indeed the reason for its existence, is the ability to allow users a choice as to whether they wished to be tracked or not. Believe it or not this is a big deal as up until now the user has not had this choice presented to them. It was simply not put in their hands.
The WC3 group, made up of leading consumer privacy groups and industry representatives including Microsoft , states: “Key to that notion of expression is that it must reflect the user’s preference, not the preference of some institutional or network-imposed mechanism outside the user’s control.”
DNT is exciting because it is not an off switch for a form of technology, rather it is users choice reflected in code. That is what makes this great. DNT goes beyond specific technologies and goes to the heart of the matter: how user browsing habits are used.
Currently there are three different signals to consider when delivering the users tracking preferences. The user can accept tracking, decline tracking, or not have a choice. Firefox defaults to the third option and handles it as if the user says it declines tracking. Ultimately it will be up to the company on how they wish to handle the third option, but we commend Mozilla Firefox for protecting its users by default.
All of this is extremely interesting and a great relief to the end user. There is no reason it could have gone the other way, and we are simply ecstatic that a company like Microsoft is running with DNT in order to protect user choice.
June 16th, 2012 by Hide My IP
The founder of Europe vs. Facebook, Max Schrems, has forced Facebook to put proposed policy changes up for a vote to all of its users by motivating his privacy group to flood Facebook’s Site Governance page with messages. Facebook received many more than 7,000 comments needed to trigger a vote. Europe vs. Facebook is demanding sweeping changes to Facebook’s product rather than the small policy changes in the proposal.
The one-week voting period opened on a set of a relatively benign changes and Facebook will notify users by web and mobile. If over 30% of Facebook’s active users (roughly 230 million people), voted for the changes that will go into effect, and if they vote against them they’ll be scrapped. Otherwise Facebook will take the changes “under advisement”. Facebook’s Chief Privacy Officer for Policy Erin Egan stated that Facebook will consider changing its site governance voting system to discourage votes being triggered by low-quality comments and adapt to the growing size of Facebook’s user base.
Egan follows “I really don’t think any of our changes were controversial. [Max Schrems] is interested in us changing our product, but these revisions are about our policy. We can’t please everyone. We did reach the threshold because a viral meme was created [by Schrems asking users to blindly paste in the comment "I oppose the changes and want a vote about the demands on www.our-policy.org"], and unfortunately the result is a vote.” When the feedback period ended on May 18th, we noticed over 42,000 comments, most without any actual qualitative feedback had been filed and a vote was inevitable.”
In all of Facebook’s history this is only the second governance vote. The voting system was set up in 2009 when it had 200 million users, so the 7,000 comment threshold and the 30% required to make a vote binding seemed more appropriate for the total amount of users. Facebook is now considering upping the comment threshold, or even possibly doing away with the voting procedure.
Egan stated “Max is a user of ours and we appreciate his feedback, but we worry the voting threshold number may be incentivizing quantity over quality”. A new system would seek to get users actually reviewing the changes themselves and giving their own opinion, rather than being used as pawns by privacy activists.
The demands include “We want Facebook to implement an ‘Opt-In’ instead of an “Opt-Out” system for all data use and all features” and “We want Facebook to limit the use of our data for advertisement“. These are much grander changes that would seriously hamper Facebook’s ability to launch new features and make money, and are unlikely to be adopted. There’s simply no way all 900 million+ users would be willing to constantly approve every little change Facebook makes.
By creating the “I oppose the changes” meme, Europe Vs. Facebook showed it would rather obstruct progress, even progress it had lobbied for, than provide real constructive criticism. While its allegiance to strict privacy could be viewed as admirable, its tampering with the commenting system cannot.
It’s still important to note that despite flaws in the system, Facebook offers its users much, much more control of site governance that any other major website. When asked if it would like to see other sites adopt a policy feedback system, Schnitt said “Absolutely, we think users should demand this kind of thing, and they deserve it too.” When asked if Twitter and Google+ were giving people enough control, Schnitt replied “That’s for their users to decide.”
Facebook’s users will have until June 8th to vote on the Statement of Rights and Responsibilities and Data Use Policy changes. Users will be directed to the voting page from ads in the sidebar of Facebook’s website, and a banner at the top of its mobile interfaces. The most significant changes users will be voting on are:
A clarification regarding Facebook’s existing policy that it may use your data to serve you ads outside of Facebook.com while you’re on other websites
A more detailed explanation of how in some cases Facebook will “retain [your] data as long as necessary to provide you services” whether that’s less or more time
May 31st, 2012 by Hide My IP
This blog has looked at and gone down many privacy avenues. Usually they are related to your online identity or your online privacy. Avenues firmly routed in a world that this company exists in. But for many people their online world and their real lives are colliding. What has long been known as “our private lives” is quickly losing ground and becoming far more public than we would like despite our best attempts compartmentalize our world.
This February CBS did an article about a teacher, her Facebook, and what happens when public life meets private life. You can read the full article here. To summarize the article: A school teacher went on a summer vacation to travel Europe. She (like so many other people) took photos to chronicle her journey. You know the kind of photos, they are what you share with friends to show that little café in Italy that made the best gelato you have ever had, or just what the Eiffel Tower looks like looking up from the base. So that you have images when words aren’t enough. But the problem didn’t stem from those photos. It stemmed from her time in Ireland where she got a photo of herself with a glass of wine and Guinness.
She took that photo, as well as all of the others, and put in on her Facebook to share with friends and family. She even set her Facebook to private to avoid the collision of her two worlds. Despite all of those conscientious precautions a student’s family member saw the photo and reported the teacher to the administration. Shockingly the teacher was then offered the choice of being suspended or resigning. She resigned and is now fighting for her job.
So why do we find this worth writing about? Why did that article make it to this blog? Because it is a prime example of our shrinking world. Our online identities as well as the details of our private lives are making it into the public eye (and by proxy our public lives) quite often and definitely more than we want, like, or expect.
The problem is that it is getting to the point that it is impossible to keep anything personal or private. The only way would be to never share our stories, photos, moments, or lives with other people. This is in direct opposition to the fact that we are not solitary creatures. Our doctors, our nurses, our teachers, our police, our judges, psychiatrists, and everyone else you can think of are normal people. They have normal impulses, and outside of work lead normal lives. These same people are at a crossroads. Do they stay behind the times, have no online identity, and live in fear of when personal meets private? Or do they fight like this teacher is doing and push for privacy and the right to exist and be normal outside of the workplace? Where do you stand? How important is your privacy to you? Is it worth protecting?
March 28th, 2012 by Hide My IP
The report calls on American businesses to use best practices when it comes to privacy, specifically it calls for :
- Privacy by Design - companies should build in consumers’ privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy;
- Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
- Greater Transparency - companies should disclose details about their collection and use of consumers’ information, and provide consumers access to the data collected about them.
In an attempt to not burden small businesses, the report concludes that these recommendations should not apply to companies that collect non-sensitive data from less than 5,000 consumers a year.
“If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” said Jon Leibowitz, Chairman of the FTC. “We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t.”
The report takes a swipe at data brokers – who exist solely to buy, collate, and sell highly personal information about consumers, often without consumer consent or their knowledge about how this data is being used. The FTC reminds data brokers that existing legislation already gives consumers the right to access information held about them by data brokers. But it also recommends that data brokers make their operations more transparent and create a centralized website where consumers can get information about their practices and their options for controlling data use.
Concerns over data brokers rose last year after an investigation by The Associated Press which found that many such brokers frequently store incorrect or outdated information, including criminal records. The investigation found that some people were denied jobs because a data broker had incorrectly reported them as a convicted felon. Last year the data broker HireRight Solutions Inc. was forced to settle a class-action lawsuit for $28.4 million after widespread complaints about inaccurate records led to legal action against the company.
The work done by the major browsers (like Firefox and Chrome) to develop do-not-track technology has been commended by the FTC. With DNT users have a choice about whether to be tracked by third parties as they move across the web. The World Wide Web Consortium, the group which defines the various technology standards for the Internet, are currently developing a universal web protocol for Do Not Track. “The Commission will work with these groups to complete implementation of an easy-to-use, persistent, and effective Do Not Track system,” the report says.
March 22nd, 2012 by Hide My IP
‘Everyone has a price’ is the old saying and it is certainly true today where privacy is concerned. In a world where personal data is traded like any other commodity, the European Network and Information Security Agency (ENISA) – a centre of network and information security expertise for the EU – has published a study about consumer behavior in relation to the disclosure of personal information during a purchase or transaction.
In a set of controlled experiments, Dr Nicola Jentzsch and his team discovered that people have a natural built-in mechanism to protect their privacy but only if it doesn’t cost them anything. Under the experiments the participants simulated buying tickets for a movie from one of two sellers. One of the sellers asked for more personal data (e.g. their cell phone number) than the other. If the price was the same at both sellers, the majority of purchases were made with the privacy-friendly service (about 83% of all tickets sold). But, if there was a price difference (where the vendor asking for more information was cheaper) most of the participants (more than two-thirds) happily revealed the information to get the tickets cheaper.
Another interesting aspect of the study is that of those who opted to go with the privacy-unfriendly service, some participants tried to cheat the system by supplying false information (like giving their name as Donald Duck) in an attempt to get the discount. To offset this tendency the researchers used a lie detector to ensure only truthful information was given! After buying the tickets the participants were asked if they had concerns about whether the ticket seller would protect their information. A majority of users expressed concerns with only about 0.7% of participants saying that they are ‘not interested at all’ if organizations that collect personal data also protect this information.
What is startling about this study is the price difference. Were the tickets, which asked for the mobile phone number, half price? At a 33% discount? No, the difference in the price was just $0.65. Just over half a dollar, that is what private information is worth!
The report make several recommendations, one of which is “Personal data protection and privacy is a human right. The European Commission, EU Member States and data protection authorities should enforce a clear and consistent legal data protection framework.” This should also be true in the USA.
It seems that asking for more personal information than is necessary is becoming a “normal” part of online life. According to the ENISA report “43% of Internet users say they have been asked for more data than necessary when trying to obtain access to or use an online service.” It is essential that online users avoid (as much as is possible) services that request unnecessary amounts of data. Once you have handed over private information there is no way to get it back. Worse still, it seems as if greedy workers are willing to break confidentiality rules (and privacy policies) to make some extra money on the side. An investigation by the UK’s Sunday Times has found “corrupt Indian call center workers” sold confidential personal data of more than 500,000 customers to cyber criminals and marketing firms.”
Use your common sense. Don’t reveal what isn’t necessary. Use privacy friendly services, even if they cost $0.50 more!
March 15th, 2012 by Hide My IP
In the fight for online freedom and the right to privacy there are three main ways in which action can be taken. The first is for each individual to protect their online identity by using the right privacy software and applying common sense to their online activities. The second is to protest (like the Internet Blackout Day in January) and the third is to use the law. It is this third option which is being used this week by a group of 13 individuals in Texas, who have filed a class action, and by two congressmen who have sent Apple a letter asking Timothy Cook, Apple’s chief executive, to make representatives available to brief an Energy and Commerce subcommittee.
The class action is being brought against 18 tech companies including Facebook, Twitter, Foursquare, Yelp and the makers of the popular game Angry Birds for stealing contacts from Android and iOS powered smart phones without the owner’s permission or knowledge. The lawsuit is in response to a story which broke in February when a blogger noticed that the social networking service Path uploaded a phones entire address book to its servers. This resulted in Path issuing an apology, deleting its entire collection of user uploaded contact information from its servers and issuing a new version of its app. But it soon turned out that other social networking apps did exactly the same thing and hence the lawsuit.
The plaintiff’s complaint is that the contacts in a mobile phone, which includes physical and e-mail addresses, job titles and birthdays as well as phone numbers, are some of the most personal data that owners carry on their wireless mobile devices. And they claim that the defendants have made, distributed and sold apps that, once installed on a wireless mobile device, surreptitiously harvest, upload and illegally steal the owner’s address book data without the owner’s knowledge or consent.
The complaint then goes on to quote from the New York times: “The address book in smartphones — where some of the user’s most personal data is carried— is free for app developers to take at will, often without the phone owner’s knowledge. . . Companies that make many of the most popular smartphone apps for Apple and Android devices — Twitter, Foursquare and Instagram among them — routinely gather the information in personal address books on the phone and in some cases store it on their own computers… While Apple says it prohibits and rejects any app that collects or transmits users’ personal data without their permission, that has not stopped some of the most popular applications for the iPhone, iPad and iPod — like Yelp, Gowalla, Hipsterand Foodspotting — from taking users’ contacts and transmitting it without their knowledge.”
“We’re making some fairly serious allegations against the big boys,” the plaintiffs’ attorney, Jeff Edwards, told the Austin American-Statesman. “We’re saying, ‘Hey, you took something that didn’t belong to you, and you’re making a profit off it.’”
Congress it seems is also interested in how apps can get hold of a user’s data. This week Representative Henry A. Waxman, a California Democrat, and Representative G.K. Butterfield, Democrat of North Carolina, sent a letter to Apple’s CEO Timothy Cook asking for further clarification on how applications for the iPhone, iPad and iPod Touch are allowed to access photos without a user’s knowledge. In fact this is the second letter the pair have sent to Apple. Having received Apple’s reply to their first letter, Waxman and Butterfield wrote back to Apple saying that Apple’s reply did “not answer a number of the questions raised about the company’s efforts to protect the privacy and security of its mobile device users.”
Rather than asking for another reply from Apple, this time the two ranking members of the Subcommittee on Commerce, Manufacturing, and Trade are asking Apple to make available representatives to brief staff on the committee.
March 11th, 2012 by Hide My IP
For many, Twitter is a casual, harmless way to publish their musings, moments and mutterings to friends and loved ones. A quick tweet that your cat just had kittens or that your baby just said “Mama” is received with oohs and aahs from grandma. But, Twitter is also a serious Internet phenomena with celebrities and politicians garnering thousands even millions of followers who hang on every word they write. Lady Gaga has now over twenty million (that’s 20,000,000) followers, Barack Obama over twelve million, CNN’s breaking news service over six million and so on. With thousands of tweets being published every minute this huge amount of data is rich for the pickings, especially for marketers.
Until recently only the last 30 days of tweets were available for companies to search and normal users could only search messages from the past seven days. But now Twitter has partnered with a company called Datasift to create a huge, searchable Twitter archive. The new archive will be used by market research companies to search and analyse Twitter updates since January 2010.
The new service, which absorbs and processes 250 million tweets every day, has already attracted lots of customers for Datasift who say that it has almost 1,000 companies who are waiting to access the service.
Datasift are very proud of their new service and are talking about their achievements to overcome the massive technological challenge to processes so much data. But privacy advocates are more concerned with the implications of what Datasift are doing. “People have historically used Twitter to communicate with friends and networks in the belief that their tweets will quickly disappear into the ether,” argued Gus Hosein, executive director of Privacy International in an interview with the BBC. “The fact that two years’ worth of tweets can now be mined for information and the resulting ‘insights’ sold to businesses is a radical shift in the wrong direction.“ The Electronic Frontier Foundation, an online rights and privacy group, have described the service as “creepy”.
Creepy is the right word… Imagine a friend who records all your conversations and, after two years, sends you an MP3 of a conversation you have while walking in the park. Creepy indeed! Tweets are no longer innocent status messages that soon fade into the ether, soon forgotten and hard to archive. No. Now Tweets are stored, analysed and processed to build up marketing information. Worse still, if you have set your account to add location data to your tweets, this information is also processed and analysed. Fortunately it is fairly easy to switch off the storing of location data with your tweets and Twitter also has the ability to delete location information from old tweets. However Twitters location data support page carries the ominous warning: “It is important to note that deleting location data in your settings does not guarantee the information will be removed from all copies of the data on third-party applications or in external search results.”
One little glimmer of good news is that “private” Twitter accounts (which are not public and only allows followers to see tweets” or tweets that have been deleted are not included in this searchable archive. As with all social networking sites, whether it is Twitter, Facebook or LinkedIn – if you aren’t happy with what you write being completely public then don’t post it.