Saturday 08-06-16

Sites Spying on You in Weird New Ways, Princeton Study Exposes

Stop "clearing your cookies."
The classic advice for the privacy-minded to protect themselves from internet trackers and targeted ads on websites doesn't work very well against the newest breed of sophisticated snoopers who are spying on you using everything from your iPhone's battery status level to the kinds of fonts installed on your browser, Princeton researchers say in a massive new analysis of 1 million web sites, the largest of its kind.
The "trackers" find out what kind of person you are, and then serve you targeted ads. If you visit those sites, data about you is gathered up and resold to other marketers. You read the news for free (sometimes) and someone gets paid to write it, and funny cat picture sites get their server costs covered.
But the trackers are also used to build profiles of consumers over which they have no control.
"Several features of the web...are being used or abused, depending on how one looks at it, by these tracking companies and various entities in the ad tech ecosystem," said study co-author Arvind Narayanan, an associate professor of computer science at Princeton. "They're being used in sneaky ways to track where users are going across the web."

advertisement

The Princeton researchers scoured the internet's top sites and found signs of aggressive tracking. Two of the top sites each had over 81,000 trackers on them. Most of the tracking, however, was consolidated among a few giants. Google, Facebook, and Twitter were the only third-party trackers present on more than 10 percent of the sites.
While consolidation in the ad market is understandable, security professionals were alarmed by the more "esoteric" methods of tracking they uncovered.
These new techniques form a kind of "browser fingerprinting." Even if you're doing your best to clear your cookies and always fill out online forms using the name "Sir Fluffius Hottentot," sites can still identify you using these more discrete markers.
"It doesn't involve putting a cookie on the computer. It doesn't go away when you clear your cookies," said Narayanan. "Any time the company encounters you online they're going to know it's one particular device because your device behaves the same way."

 

The exact list of fonts you've installed can be a data point. How exactly your browser processes audio data can be another. Always resize your browser window to a certain point? That's another tell. Even your battery status level.
That last one could be used to unmask users who think they've taken steps to hide their web history.
"If your browsing one website and browsing another anonymously and the same tracker is embedded on both of those, the tracker can read your battery level and discharge rate and see both changing at the same rate," said Narayanan.