Comments
Web Tracking Advances Beat Privacy Defenses
Newest First  |  Oldest First  |  Threaded View
tzubair
50%
50%
tzubair,
User Rank: Ninja
7/23/2014 | 8:43:26 PM
Re: The end of your right to privacy.
"This will be an ongoing battle as so many companies depend on adverstising revenue and adverstisers clearly have the lobbying clout and feel they are entitled to invade your privacy more and more. I don't know which is worse anymore, American Businesses, the Government or the Hackers. All three are ruining the internet which was once a really unique experience."

@BubblesGump: I don't think anything can really function without a sound business model that ensures revenues for all concerned parties. There's nothing like a free lunch. When the internet was first launched, monetization options were not there and with the passage of time they emerged. I don't think there's anyone really to be blamed. When people want to consume content for free, someone has to pay for it. People end up paying by selling information to advertisers. It sounds like a win-win for both to me.
tzubair
50%
50%
tzubair,
User Rank: Ninja
7/23/2014 | 7:15:49 PM
Re: Let's not cry wolf too soon
"Imagine an analytics vendor suffers a data breach (Adobe ran into some trouble a couple of months ago) and the company using their analytics tools did not respect the Terms and Conditions, they will be badly positioned in court. Analytics vendors need to become more transparent so that we can find a balance that works for both users and website owners"

@Aurelie: I think data breaches can be one of the most disasterous things that can happen to any company. Particularly if the company is an analytics service provider than the entire business can go down as the clients' trust will be severely affected. However, companies are also looking to get insurance against data breaches that can cover the loss in case an incident does happen.
tzubair
50%
50%
tzubair,
User Rank: Ninja
7/23/2014 | 7:08:04 PM
Re: Is canvass fingerprinting persistent?
@David: I think when HTML5 came out, one of the things that stood out (apart from many others) was the improved privacy and security. However, I think with the passage of time people have found out workarounds for it. I think when it comes to storing cookies, Flash did offer a better alternative.
Aurélie Pols
50%
50%
Aurélie Pols,
User Rank: Apprentice
7/23/2014 | 5:28:12 AM
Let's not cry wolf too soon
Nice write up, I see the KUL folks are at it again with their pears at Princeton and as I read their initial paper about fingerprinting some months ago, I'm happy to see there's a follow up with stuff we've been facing for a while.

The comment by David R. Carr is an important one from a legal perspective and something I've been struggling with as well following this new write up: is something being installed on the users' device or not? Of what I had understood so far, digital fingerprinting as explained by the Electornic Frontier Foundation through their Panopticlick tool https://panopticlick.eff.org/, only pinged some data related to the browser used to uniquely identify a device. In the analytics sector, we've been doing this for a while to circumvent for certain browsers or setttings blocking cookies. So typically,  unique ID would be attributed using these browser features and some server side data like IP. It's not ideal and far from accurate but helps to identify returning visitors. So far, this did not install anything on the user's machine. It seems that with canvas fingerprinting we migth be talking about something else and if something is indeed placed on the device, then according to EU legislation (the infamous Cookie Directive), this needs to be declared.

DNT is another issue all together and a more US based approach to online tracking. I have some clients who are exploring this as it's up to them to decide wether or not they want to respect DNT. Typically the header sends a DNT=1 variable but the website using the tracking technology can choose to respect this request or not. So while it's interesting for the user to have this blanket set-up from a browser perspective (as opposed to having to opt-out for every website), it's still not bullet proof as it doesn't mean the other side of the equation actually respects the header. Most analytics tools have some kind of way of working with this and typically Tealium, one of the major tag management solutions actually has 2 options: to first track and report on the header request and then actually block the setting of the cookie if indeed the DNt hear is set to 1.

So this brings it back to the responsiblilty of the website or digital property owner to respect the users whishes for less Privacy invasive technology. For now, the stance has been to hide behind "oh but we don't collect personal information or PII" but as the Californian Privacy Protection Act (CalOPPA) requires website owner to delcare how they reponsd to DNT we have more and more clients looking into the issue of being compliant without loosing too much data. It's interesting to see how the US based DNT principles partially overlap with the EU Cookie Directive.

And this boils down to understanding what your tracking technology is doing exactly in terms of data flows. More often than not, a website owner has no idea what exactly happens behind the scenes, let alone the terms and conditions of certain tracking tools. So I've seen companies being slapped on the wrist by data protection agencies because a Flash file firing LSO objects. I've also seen analytics tools having to settle lawsuits for ETags.

Digital property owners need to start thinking about what is acceptable in terms of tracking and about where their company might be liable. Imagine an analytics vendor suffers a data breach (Adobe ran into some trouble a couple of months ago) and the company using their analytics tools did not respect the Terms and Conditions, they will be badly positioned in court. Analytics vendors need to become more transparent so that we can find a balance that works for both users and website owners. Same goes for mobile with tools like MyPermissions, showing you what is being collected. We are getting there, slowly but surely but it's indeed not an ideal equilibrium as deviation from best practices can always be defended by the "oh but we had no idea" stance, certainly for companies who's initial business is data.
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
7/22/2014 | 10:42:36 AM
Is canvass fingerprinting persistent?
Does the canvass fingerprinting technique store something persistently on the user's PC or device? I would think an HTML5 canvas would only persist for as long as the web page was open in the browser window -- in which case this would be useful as a session-tracking mechanism for users who have disabled cookies, but not for ad tracking across multiple visits to the same site.

I confess I haven't studied HTML5 in detail -- and I do remember hearing about plans to give it some local storage capabilities -- so please correct me if I'm wrong.
BubblesGump
100%
0%
BubblesGump,
User Rank: Strategist
7/22/2014 | 10:39:08 AM
The end of your right to privacy.
Unbelievable, but not unexpected. An excellent program/extension/app, DoNotTrackMe, is available for Chrome and Firefox (don't know about IE as I don't use it). To date, it picks up virtually every attempt to track an individual and prevents such. It will tell you how many attempts are being made and who the culprits are. Since May 14, 2014, it has blocked 12,437 tracking attempts for me alone. DoNotTrackMe will allow a cookie to pass if blocking such would make the website unusable, but it does warn you of this and id's the offender. It also provides for masked emails that you can use for a specific sight then decide whether you want the email forwarded to your real account or not. This allows one to validate their logon when setting up an account but prevents future contacts and/or spamming to your real email account. DoNotTrackMe also provides for Credit/Debit Card protection and phone. Check the company out, Abine. Third party programs such as Glary Utilities Pro and Advanced System Care Pro will eliminate all the rest once you log out of your browser and close it. You'll find that using your browser's clearing/deleting functions fall woefully short. Using a router and a proxy server can further mask your real identity and obscure your movements. It sounds like the Ad companies are well aware of all of this and are working diligently to circumvent current privacy controls. My guess is our side will figure a way to deal with these new attempts and block them too. This will be an ongoing battle as so many companies depend on adverstising revenue and adverstisers clearly have the lobbying clout and feel they are entitled to invade your privacy more and more. I don't know which is worse anymore, American Businesses, the Government or the Hackers. All three are ruining the internet which was once a really unique experience.


IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.