Ride the Lightning

EFF Report Exposes Web Trackers on Social Media, Website and Apps

December 5, 2019

On December 2, the Electronic Frontier Foundation (EFF) announced that it had released a comprehensive report that identifies and explains the hidden technical methods and business practices companies use to collect and track our personal information from the minute we turn on our devices each day.

"Behind the One-Way Mirror" takes a deep dive into the technology of corporate surveillance. The report uncovers and exposes the myriad techniques—invisible pixel images, browser fingerprinting, social widgets, mobile tracking, and face recognition—companies employ to collect information about who we are, what we like, where we go, and who our friends are. Amazon, Facebook, Google, Twitter, and hundreds of lesser known and hidden data brokers, advertisers, and marketers drive data collection and tracking across the web.

"The purpose of this paper is to demystify tracking by focusing on the fundamentals of how and why it works and explain the scope of the problem. We hope the report will educate and mobilize journalists, policy makers, and concerned consumers to find ways to disrupt the status quo and better protect our privacy," said Bennett Cyphers, EFF staff technologist and report author.

"Behind the One-Way Mirror" focuses on third-party tracking, which is often not obvious or visible to users. Webpages contain embedded images and invisible codes that come from entities other than the website owner. Most websites contain dozens of these bugs that go on to record and track your browsing, activity, purchases, and clicks. Mobile apps are equally rife with tracking code which can relay app activity, physical location, and financial data to unknown entities.

With this information companies create behavioral profiles that can reveal our political affiliation, religious beliefs, sexual identity and activity, race and ethnicity, education level, income bracket, purchasing habits, and physical and mental health. The report shows how relentless data collection and profile building fuels the digital advertising industry that targets users with invasive ads and puts our privacy at risk.

"Today online shoppers will see web pages, ads, and their social media feeds. What they won't see are trackers controlled by tech companies, data brokers, and advertisers that are secretly taking notes on everything they do," said Cyphers. "Dominant companies like Facebook can deputize smaller publishers into installing its tracking code, so it can track individuals who don't even use Facebook."

"Behind the One-Way Mirror" offers tips for users to fight back against online tracking by installing EFF's tracker-blocker extension Privacy Badger in their browser and changing phone settings. Online tracking is hard to avoid, but there are steps users can take to seriously cut back on the amount of data that trackers can collect and share.

"Privacy is often framed as a matter of personal responsibility, but a huge portion of the data in circulation isn't shared willingly—it's collected surreptitiously and with impunity. Most third-party data collection in the U.S. is unregulated," said Cyphers. "The first step in fixing the problem is to shine a light, as this report does, on the invasive third-party tracking that, online and offline, has lurked for too long in the shadows."

Amen to that. My November 26 RTL post covered similar terrain with suggestions from the New York Times.

RTL reader Harold Weston, a Clinical Associate Professor with Robinson College of Business at Georgia State University was kind enough to write me. His additional suggestions are below (I also use Privacy Badger and Duck Duck Go):

"Add Ghostery to Firefox, and set it to block everything. Assuming it does what it says it does, that should kill most every tracker, and double-kill them all with Privacy Badger. Firefox also does a lot of tracker blocking if set correctly.

VPN is important, and at least with my service from NordVPN I can select a country to route my internet traffic through. By setting it to Ireland or Iceland, or any E.U. country for that matter, many websites will read my request as coming from the E.U. and thus the General Data Protection Regulation will apply to the websites' contacts with me. For example, going to npr.org from Ireland, offers me a cookie-free view in text mode only.

DuckDuckGo has been my search engine. Another good one, less well known, is Qwant, from France, which works just as well in the U.S."

I think protecting our privacy is practically a full time job!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson