November 08, 2012

Do Not Track: What it is, How to Prevent it and the Future of Tracking


How to stop tracking today? Turn off cookies, Javascript, Java and Flash in your browser. OK, that is not a practical way to prevent Internet tracking. You can do it, but it will severely impact your Web browsing experience!

“Do Not Track” (DNT) has been a hot topic for the last several months. Before we discuss ideas on how to prevent it, and the future of tracking, we need to discuss what DNT is.

What is “Do Not Track”?

About seven years ago, I browsed to the website of a not-for-profit organization. In addition to what I expected to see, I saw a box on the left side of the screen that said:

Welcome Ed Weinberg.

Click here to donate.

[logo]

I clicked on the logo and it brought me to a page on Amazon.com where I could make a donation to the not-for-profit group! I found this creepy. Yes, I had an account at Amazon, and yes, I knew they knew who I was, but when I saw my name on a website I had never been to, alarm bells went off in my head.

Fast forward to today. According to studies, when you visit some popular sites, you might be being tracked by up to 30 advertising companies. Maybe you went to an insurance company site, and for the next few days, you saw ads for that insurance company on half the sites you visited! This is how they track you.

Firefox, Opera and Safari browsers have DNT buttons, and Google Chrome will have one by the end of the year. DNT does not actually stop tracking. It is more of a suggestion...like the “Do Not Trespass” sign at your favorite childhood swimming hole. They can still track you, but you are letting them know (assuming they are looking) that you don't wish to be “tracked.” The buttons on these browsers are “off” initially.

In steps Microsoft with a “Do Not Track” button that is “on” by default. The advertising industry revolts! Some advertisers say they will ignore it. Congress argued about it and did not pass a law, but the Federal Trade Commission says that if they don't, the FTC might “go it alone.”

Practical “Track” Prevention

How to “Do Not Track” yourself. It is not practical to just turn off cookies. The first thing you would notice is that sites would no longer recognize you, so you would have to login with each visit. Many sites, especially those that have “subscriptions” or require a login, will not allow you in. So, we have established that you need cookies for sites you are visiting today, but how about those from yesterday? Your browser has a setting that will automatically forget the cookies when you close your browser. That means that when you visit sites from the day before they will not recognize you, but if you can live with signing in to your favorite social site each time you restart your browser, you will become harder to track. Harder, but not impossible since Flash stores a different kind of cookie that you would need to turn off, too.

I think the best solution is the Adblockerplus ( http://www.adblockplus.org ) add-on for Firefox and Chrome. You install the add-on, and it blocks most of the advertising from your browser, leaving just the content. With the blocked ads it will block most (but not all) of the tracking, but even if they track you, you will not see the ads they try to display!

Tracking: The Next Generation of Your Browser's Fingerprint

So, how will they track you in the future? Your browser has a “fingerprint.” I had a talk with Dan Auerbach, staff technologist at the Electronic Freedom Foundation, and he explained its Panopticlick study (http://panopticlick.eff.org/). It seems that Javascript, Flash and Java make a great deal of information about the configuration of your browser available to the site you are visiting. Because it makes so much information available and there is so much variation, your browser can actually be “fingerprinted,” and it probably unique. Press the button on the site and you will probably see that your desktop or laptop is unique, too.

How unique? They found over 94 percent of browsers were unique. That's close enough for advertisers! I checked different browsers on my computers locally, then used the site as an exercise in a computer security class I teach.

The class computers were an interesting case. There were twelve identical Lenovo laptops when the students received them last March. Now each one had a unique browser fingerprint!

Oddly enough, the most non-unique browser is the one on your smartphone, so, at least for now, they will not be tracking your phone with a browser fingerprint!






Related Tags

Google    Security    Microsoft
Smartphone       

blog comments powered by Disqus

More in TechZone360