Steffan Heuer and Pernille Tranberg are authors of the book "Fake It: A Guide to Digital Self-Defense." They cover technology and privacy issues in San Francisco and Copenhagen. In this series, Digital Self-Defense, Heuer and Tranberg report with updates from the digital identity wars and teach us how to defend our privacy in the great data grab going on all around us. Follow them at @FakeIt_Book.
On the Internet, everybody knows the fact that you love dogs. Or that you date members of the same sex. Or that you take a keen interest in treating depression. They know because social networks, apps, ad networks and plenty of other companies and software exists solely to track you.
When you click over to Gawker, you're not just entering a world of gossip to satisfy your curiosity. You're also stepping into a world of massive surveillance where details about you are picked up by complete strangers. Reading a story entitled "My Dad Found Out That I’m Gay Through My Blog" tells Google and Facebook, two ad networks and eight other companies that in some way or another you have an interest in homosexuality. Even when you decide to sign up for the Obama Campaign website, do your name and email address not stay there but end up with third-party tracking companies.
If you've just posted something on Facebook and leave the site to read a Huffington Post story, say on pro-lifers and banning gay marriage, you may think you're free and clear as you're no longer reading from within Facebook. But that's not at all the case; you are still letting the big web services spy on you from their own domains. That’s because the websites you visit next relay what you are reading back to Facebook, Google and Twitter through embedded social buttons. You don't even have to click on them.
You probably know that Google tracks what you search when you type a search term into the window. But did you know that Google has its tracking code enabled on all sorts of other sites that use for searching within—for example, on the sites of government agencies such as IRS and the Postal Service, capturing what terms you search for when you’re looking for what forms to file or what zip code a particular address needs? For the average Internet user, this adds up to an interaction with well over 100 trackers per day.
Using pseudonyms online is a good start to protecting the Real You, as we described in the last column. But it's not enough to fight off the fully automated tracking of your habits and behavior on almost every single website. Protecting your data from these omnipresent trackers is Level Two of digital self-defense. We need to know how to block the trackers.
Why is this in your best interest? Publishers, e-retailers and the ad industry in particular will tell you that tracking is in your best interest. It's all about personalization and serving you the content and services you're interested in. Targeted advertising is what makes the Internet free, right?
All those digital trails you leave around the net form a puzzle called your identity. These bits are stored, combined, mined and sold without your knowledge or say. This identity is valuable, to you and to others. Insurance and pharmaceutical companies would love to know what diseases you have researched. Advertisers want to know what you shop for so they can serve targeted and retargeted ads—ads which focus on all the things you have already expressed interest in, even if you never bought anything.
If you care about your privacy, and you don’t want your search terms to be monetized, install a tracking blocker like Ghostery.com on your browser. Then go to Selectout.org and press “opt out.” This app will not only stop the trackers from following your every click online, it will show you just how many are at work while you are surfing. Let it go for a while, and you will see that you are opting out of dozens or even hundreds of tracker.
Remember, though, that opting out is tied to only that browser—and that computer. Every time you change computers or browsers, you’ll need to start again. Companies perpetually resetting cookies and other tracking code for just this reason, so you will have to opt out again and again and again.
What users may dream of is a service like Do Not Call, which is pretty effective in stopping solicitation on the phone; something like, say Do Not Track: a tool that you can activate in most browsers. Do Not Track uses an HTTP header to signal to a server that a user wants to opt out of being tracked. Sounds good in theory, but forget about it protecting you. It only offers a bit of protection against targeted ads, but not tracking in general.
Why the false label? Because DNT is in essence a stalling tactic by the ad industry. There is no common agreement between companies and regulators on what it means, nor is it mandatory for trackers to respect your preference. Right now, turning DNT on in your browser settings is like Lindsay Lohan sporting a bumper sticker on her car asking for privacy while driving through Hollywood. Almost all companies operating online today blatantly ignore DNT settings, and are lobbying to keep it that way.
Opting out under DNT, in short, leaves so many loopholes that it is useless. It does not prevent companies from tracking you, and even if they were to respect it, it still allows them to collect data for vague purposes such as product development and fulfillment, whatever that means.
That's why you should install one of several blockers once you've run through the opt out routine. Besides Ghostery, there are browser extensions called Disconnect.me, Do Not Track Plus and, most recently, the excellent Privacyfix (currently only available in Chrome). The latter runs you through a thorough audit of your data leaks and fixes them, even drafting data deletion requests to companies whose code lingers on your machine.
These blockers all perform the same crucial service. They are the muscled bouncers in a world where your data is up for grabs every second and your right to opt out has been buried under service agreements and technical loopholes. Blockers keep social networks, search engines and tons of ad networks and tracking companies from snooping on your online life. You, too, should protect yourself with some muscle before you venture out on the Web.
Illustrations by Jeff Pastorek