Man reveals secret recipe behind undeletable cookies A privacy researcher has revealed the evil genius behind a for-profit web analytics service capable of following users across more than 500 sites, even when all cookie storage was disabled and sites were viewed using a browser's privacy mode. The technique, which worked with sites including Hulu, Spotify and GigaOm, is …
I'm not taking sides, but just pointing something out.
Once you get over the notion that web browsing is something happening in your home (where you do have a legal right to privacy), and realize that you (your data at least) is leaving the house and visiting public servers which have every right to track you while visiting the sites.
Analogy: If you go to the grocery store, can you honestly complain when they ask you to remove the ski mask from your face so the security camera can get a good look at you? If you don't agree with the advertising or tracking, do not use the site, it's that simple. (I don't have a Google+ for this reason) If I run a website, I have every right as a private businessperson to run that site in any way I see fit providing I comply with sales and content laws, and of course disclose certain things.
Getting back to the grocery store analogy, how is the information that gets stored via Internet any different than what the grocery store sees on their security camera? You pull up in the same car (browser), waddle in to purchase your case of twinkies (browse content), and pay with cash (don't log in) so that nobody will know that YOU are the 400lb guy with curly black hair and a Ford Taurus who likes twinkies.
To be honest, I'd rather have ads that I might actually *like* appear on my preferred sites, instead of the recent influx of ads having to do with being Mormon. I'm going to see advertising anyway, at least this way, I get something that might be interesting.
Does the grocery store do this?
* Have someone write down your license plate number when you arrive.
* inventory what you buy, as well as what products you seem to look at.
* catalog those results and store them for later analysis.
How about this?
* share that information with someone at your local pub (oh look, they Ford Taurus with plate XYZW1234 is here, from his shopping habits at the store, he's a family man, but today he picked up a box of tampons, so let's try to sell him an additional beer).
You are correct about not going to the site if you disagree with its tracking policy. Here's the rub: they're NOT telling you what they're doing.
AC, even though I'm beginning to doubt it will do me any good :-)
"* inventory what you buy, as well as what products you seem to look at.
* catalog those results and store them for later analysis."
Actually, yes, they appear to do that, at least here in Merka. Except for the "what products you seem to look at" (as far as I know, wouldn't be surprised...).
If you pay with a credit card, or, worse, use one of those "loyalty cards" things that give "discounts" (i.e. remove the artificial increase in price).
It's easy to know: go return/exchange a product to, say, Target or Apple. If you paid with CC, all they need is your CC to accept it, you don't need a receipt. It happened to me recently: my 6th gen nano (crap, but got as a gift from the GF...) broke the other day. I went to the Apple Store to exchange it, and had no receipt (but since the thing was released less than year ago, it must be under warranty). The guy got the serial number, and got me a new one. The receipt had my GF's name written on it, date it was bought, etc. When I told her that, she mentioned she had the same happen to her at Target. So, yeah, they do inventory what you buy, and I'm sure they use it later, and they don't ask for permission to collect nor keep the data -- at least I haven't been asked to sign anything.
Of course it's easy to not use either, pay cash... much easier to circumvent the disgusting web tracking those guys are doing.
"Analogy: If you go to the grocery store,..."
In this particular case, the problem isn't that the grocery store knows what you buy... It's more analogous to that annoying neighbor that you try to avoid -- the one that always buttonholes you with a new "sure thing" that he's always trying to get you to sign up for -- that knows what you bought at the grocery store, the bed-n-bath store, the pharmacy, the newsstand, and that "club" in the next town that you go to on Saturday nights.
I don't see where I have any obligation to give him any of that info.
Hmmm... I'm not a programmer but, OTOH, AppleScript has a random number generator... I may have to dust off my scripting and see if I could set up one that tells the browser to write a random number to that line in the cache every three minutes... Something to think about in what I laughingly refer to as my free time...
In continental Europe there's this thing called Privacy written into various national constitutions and actually European Human Rights directives, which says even stuff which is apparently public is still subject to privacy rules. The exception is if you can show an explicit public interest. A shop tracking a customer does not have a public interest defence - the only way allowed in certain European countries is for the customer to have agreed to the data collection (explicit opt-in). Even if you think the information is public. Without the opt-in the shop is not allowed to do it. The principle is that organisations/businesses hold the minimum information. Information being public is not a defence.
As you're in America, I'll give you some time to pick your lower jaw off the floor.
surely weather they are more targeted or not you can just ignore them? the technique only has effect if multiple sites are using the same technique (obv.) so information obtained (unless your buying WMDs or something, then you should use TOR) would only ever be relevant to advertisers... Just ignore the adverts, targeted or otherwise!!
Yes, you can ignore ads, even 'targeted' ads.
However, browser history can contain more telling personal information that can be used in more pernicious ways. Suppose an employer buys the browser history of their employees. They have layoffs coming up. Lets see now. Worker A has been browsing speed shoppes for racing bicycle parts. Worker B has been searching for homeopathic cancer remedies. I wonder which one the accountants would recommend to be laid off?
This needs to stop.
Excerpt from http://www.scroogle.org/doctorow.html
"He should have seen it coming, of course. The U.S. government had lavished $15 billion on a program to fingerprint and photograph visitors at the border, and hadn't caught a single terrorist. Clearly, the public sector was not equipped to Do Search Right.
The DHS officer had bags under his eyes and squinted at his screen, prodding at his keyboard with sausage fingers. No wonder it was taking four hours to get out of the god damned airport.
"Evening," Greg said, handing the man his sweaty passport. The officer grunted and swiped it, then stared at his screen, tapping.
[ . . . ]
"Tell me about your hobbies. Are you into model rocketry?"
"What?"
"Model rocketry."
"No," Greg said, "No, I'm not." He sensed where this was going.
The man made a note, did some clicking. "You see, I ask because I see a heavy spike in ads for rocketry supplies showing up alongside your search results and Google mail."
Greg felt a spasm in his guts. "You're looking at my searches and e-mail?" He hadn't touched a keyboard in a month, but he knew what he put into that search bar was likely more revealing than what he told his shrink.
"Sir, calm down, please. No, I'm not looking at your searches," the man said in a mocking whine. "That would be unconstitutional. We see only the ads that show up when you read your mail and do your searching. I have a brochure explaining it. I'll give it to you when we're through here."
"But the ads don't mean anything," Greg sputtered. "I get ads for Ann Coulter ring tones whenever I get e-mail from my friend in Coulter, Iowa!"
The man nodded. "I understand, sir. And that's just why I'm here talking to you. Why do you suppose model rocket ads show up so frequently?"
[ . . . ]
It amuses me endlessly to see the lengths to which marketers will go in pursuit of maybe, just possibly, once in a very long while, a sale by one of those using their services to advertise.
Only speaking for myself, but I use adblock so I see few ads, and those I do see I pay no attention to.
The con is really that marketers claim that targeted ads improve sales. That's not true. Today I may be interested in ginormous nipple rings, tomorrow in an antiquated book on Latin grammar, and the day after in Dog only knows what.
Or to use a more prosaic example, suppose I'm looking for underwear. I have a very clear idea what I want, I know exactly which brand and model will fill the bill, and any adverts to the contrary are just so much wasted effort. What *will* influence me are the web pages that give full, objective information and are clear about sizing, fabric, country of origin, colors, styles, price, and availability. But once I've bought my gaunch, that's it. Throwing more ads at me does nothing, because I have enough rags to shelter my ever lovin' bod from the lust-filled gaze of onlookers, and need no more.
Then there's ebay: in my pursuit of the perfect undies, I found the brand and model, and set up a moderately complex search string to find ebay listings for those and no others. Ebay then, in its blind pursuit of money, altered their search facility so it returned not just what I was looking for, but all sorts of other brands and models, I s'pose with the subliminal message "Maybe these are what you really want?" An intelligent company would have recognized that the more specific a search, the less likely it is that the searcher has interest in other things, particularly when the search string takes steps to exclude other makes and models.
As ebay, so marketing in general: they think their ads actually work, but it's highly questionable whether they do anything other than annoy netizens.
I have my Asus TomatoUSB router blocking about 75,000 domains compiled from various ad/adult/tracking block lists. I was happy to see kissmetrics.com listed in there when this news came out. They can have their unkillable cookie on my systems ... just as long as it can't dial home! :)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
