How Dozens of Companies Know More About You Than You Could Ever Imagine
If anyone ever asked me to describe myself in a few phrases, I would probably summarize that I’m a male, around 20 years old, with an interest in food, mobile technology, the outdoors and my beloved home, Silicon Valley. As it turns out, Google Inc. could’ve told you the exact same thing and more. What type of food do I love? Why don’t I let Facebook answer that for you. Ever wondered why online ads just happen to match exactly what you were searching for an hour ago? It’s certainly not a coincidence.
With consumer services ranging from Netflix to Google Now trending toward personalization and intelligent information delivery, and with online advertising, a $40 billion industry in the U.S. alone, steadily growing and replacing traditional advertising channels (1), dozens of companies have sprung up to capitalize on your data — recording virtually every search you make, web page you visit and video you watch to give you more targeted advertisements and recommendations.
At the core of this process are “cookies”, or small pieces of data stored in your browser by web pages you visit, which allow websites to remember certain aspects of your interactions with them. On one hand, cookies can be extremely convenient — they keep you logged in to services and remember your preferences on websites (YouTube video volume, for example). On the other hand, dozens of online third-party tracking firms — DoubleClick (owned by Google), Adnxs (owned by AppNexus) and Rubicon Project, to name a few — employ cookies on almost all the pages you visit online to gather information about every website you visit and every advertisement you view, and link you back into a constantly growing user profile about you which details your most probable age, gender and interests. These profiles are then sold to anyone and everyone able to afford them — retailers, web services and even political campaigns — to place more carefully chosen advertisements on the pages you visit. While these third-party trackers are independent of the websites you visit, services like Google and Netflix also internally track your interactions with their own products, a method called first-party tracking.
What does this look like for a typical Princeton student? With the aid of tracker identifiers Lightbeam, Ghostery and Disconnect, I found that:
- Almost all the websites you visit will have at least five third-party trackers, but most have many, many more.
- Netflix, Yelp and Hulu had about 10 third-party trackers on their home pages, but Yelp and Hulu had significantly more once you searched for specific businesses or chose a show, respectively.
- News sites tended to have a lot more trackers, with the New York Times around 25, the Washington Post around 50 and the Guardian at nearly 80.
- Websites for most fashion brands/retailers (e.g. Nike or J. Crew) typically had at least 30 trackers, with higher end retailers tending to have at least 10-20 more.
- Google search pages and Facebook had no third-party trackers, but that just means they aren’t giving anyone else access to the data they’re collecting themselves.
- Princeton, Blackboard and Craigslist had zero third-party trackers.
As a result of visiting 48 different web pages, I had inadvertently connected with 466 different third-party sites — in other words, almost 10 unique companies were gaining information every time I visited a new site. A few of these trackers were purely to monitor webpage usage and statistics, but most seemed to be for the purpose of advertising.
Much of the tracking was actually done by familiar names. When I visited Huffington Post, for example, Hulu, YouTube, Twitter, Pinterest, LinkedIn and Google Maps were aware of my visit. More importantly, however, is the fact that certain third-party advertising trackers such as DoubleClick appeared on virtually every site I visited that had trackers, which shows just how extensive their reach proves to be and ensures that almost all of my online history is aggregated in one extremely detailed database.
While this extensive tracking of online usage is not necessarily inherently harmful given that this data is kept private, research finds that “most users on [online social networks] are vulnerable to having their [online social network] identity information linked with tracking cookies” (2). As a result, the companies managing this data or anybody capable of hacking into their databases can potentially link both your past and future online usage directly with your identity without your permission or even your knowledge. This potentially constitutes a very significant invasion of privacy, and possibly facilitates identity theft.
Internet browser add-ons such as Disconnect or Ghostery allow you to block most of the online trackers you’ll encounter.
Luckily, not all hope has been lost. The rapid growth in both the pervasiveness and complexity of online tracking has been accompanied by the development of blocking tools with the Internet user’s privacy in mind. Internet browser add-ons such as Disconnect or Ghostery allow you to block most of the online trackers you’ll encounter. After a simple installation on Chrome, Firefox, or Safari, these services will inform you of and block third-party trackers attempting to monitor your usage on each page you visit. Many advertising companies also allow an opt-out of their online tracking through the website www.aboutads.info/choices, a more tedious process, but one that addresses the root of the problem. Lastly, remember that first-party services such as Facebook or Google also collect the data you enter into their services — you can usually opt out of targeted ads for these services as well, but it must done on a case-by-case basis. The Internet has always been a source of almost endless information, but it has also become a tool for companies to continually gain information about you. With awareness and a little bit of effort, you can better protect your privacy and make sure that information transfer is closer to a one-way street.