The Wall Street Journal has been running a series of very interesting - and disturbing - articles the past few days investigating Internet spying and its impact on your privacy.
For instance, did you know that the top fifty US web sites (which account for about 40% of Web pages visited by Americans) install, on average, 64 pieces of tracking technology onto the computers of their visitors? Or, that two-thirds of those tracking files were created by 131 companies, many, if not most, of which are in the business of selling the information they capture from you and me?
Of course, the companies installing the web site tracking software say it is all harmless. In fact, they argue, the information captured about us allows them to create a better on-line experience since the Web ads that we see are tailored to fit our individual interests.
The WSJ says that the companies behind the tracking software - and the web sites that allow them to operate - are driven by a new mantra:
"Advertisers want to buy access to people, not Web pages."
As a result, tracking software on web sites has increased in sophistication to where - using so-called "Web bugs" - your cursor movements on a web page along with what you are typing are being analyzed to create profile of you (or better, your computer) that can be also tracked across web sites.
One company the WSJ wrote about is BlueKai, which offers a data exchange that auctions off Web users' information. The Journal says that the company auctions off some 50 million pieces of information of Web users' browsing habits a day. This auction can even happen as a person is browsing a particular site. The cost of buying the information is as low as a tenth of a cent per piece of information.
The Journal says these information exchanges have rapidly increased in number in the past 18 months. Or as the WSJ puts it:
"One of the fastest-growing businesses on the Internet ... is the business of spying on Internet users."
In its investigation, the Journal found that many companies, including Microsoft and Comcast, claimed not to know that their web sites contained so much tracking software.
One web site which seemed to know was Dictionary.com, which the WSJ found had 159 third-party cookies on its site. It justified the tracking software as saying cookies helps pay for users being able to use a dictionary and thesaurus for free, that the cookies don't hurt the customers' experience, and that use of tracking cookies is disclosed.
"So what's the beef?," the WSJ quotes the Dictionary.com spokesperson as saying.
Wikipedia, in comparison, has no tracking software, the Journal says.
In another Journal article in the series, apparently Microsoft IE8 designers wanted to make it easy for users to keep from being tracked on-line. However, the WSJ says, that was thwarted by others in Microsoft who felt that it would cut into the revenue Microsoft and its partners could make from selling Web users' information.
The "compromise" reached was to include a way for IE8 users to block web site tracking, but users must do so every time the browser is opened.
According to the Journal, the ability to track users "is the foundation of an online advertising economy that racked up $23 billion in ad spending last year." This is predicted to grow by 11% per year over the next few years.
Furthermore, citing researchers at AT&T Labs and Worcester Polytechnic Institute, the WSJ says that the percentage of 1,000 popular sites now employing tracking software has jumped from 40% to 80% since 2005.
Another trend in tracking software is determining your credit worthiness by examining social networks (you may also want to read Spectrum's Sally Adee's post on the future of social networking as the surveillance state). The WSJ says that one company, Media6Degrees Inc., believes that the credit worthy hang out with the credit worthy, the deadbeats hang out with deadbeats, and it can determine from your browsing which group you belong to.
Sounds like a potentially new form of credit redlining to me.
In today's article, the Journal investigates how easy it is to develop a good prediction not only your credit worthiness, but how easy it is to "de-anonymizing" - personally identify - a person from their browsing trail and or their social networks.
The tracking companies that can figure out who you are told the WSJ they can't be bothered, since it would cost them too much to do so. Besides, they have sufficient data on you to allow them to make informed decisions - like what on-line deals to offer to you or not.
As I was reading the article, I started to wonder how long it will be before services spring up offering software-generated "pseudo-self's" that will browse the Web in some random fashion as a deliberate way to spoof these tracking companies.
There is already a start-up company called Bynamite that is trying to figure out a way to make advertisers pay consumers for their information. You can read about them here in a recent New York Times article.
The Journal also has an article in the series on how to determine what advertisers have on you and how to reduce your on-line signature here. Bynamite offers a plug-in for FireFox and Chrome browsers that will let you understand what advertisers see about you as well.
In related news, last week the Federal Trade Commission (FTC) Chairman Jon Leibowitz testified before the U.S. Senate Committee on Commerce, Science, and Transportation that the FTC was looking into a "do not track" registry where consumers can opt out of behavioral advertising. The FTC says it will be releasing a report on the idea later this year. There was an article in Broadcasting and Cable on the subject here.
After I finished reading the WSJ series, I kept thinking about the lyrics of the 1980's song, "Somebody's Watching Me," which seem more apt now than then.
Alas, the song - which is about feeling paranoid that someone is always watching you - is now a "theme song" for the Geico Insurance company. For Geico, this constant watching over you supposed to be perceived as a good thing.
Kind of like what on-line tracking companies say of their activities, too.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.
