Tag Archives: privacy

Who is looking at who

Analysis of website usage is a huge part of understanding how to improve websites, how to give visitors a better surfing experience and how to maximise the time a visitor spends on a site ( potentially purchasing items while they are there ). SEO, or search engine optimisation, goes hand in hand with site analysis providing the initial lure in getting users to your site. A successful marriage of the two is what makes a great surfing experience.

There are 2 parts to analysing website usage. The first is to analyse the log data that is collected by your web-server, using discrete applications like Webalizer and Awstats, or an external system like Piwik or Google Analytics. The latter two options require you to add some tracking code to your website pages which triggers each time a visitor hits that page. These systems provide information such as visitor demographics, which pages are hit most often and what browsers or versions of browsers your visitors are using.

Traditionally though, most of the tracking by website owners is done using cookies, a small piece of information that is stored locally in the browser when visiting a website. The cookie can potentially store any kind of information including personal details that you’ve entered into the site, browsing preferences and browsing habits. The privacy issue raises its ugly head here because it’s unlikely that you would have been asked permission by the website to store this information. Cookies are generally harmless but due to their inherent nature, they can be used for harm too. On the other hand, using cookies can help your browsing experience. It’s a balance that tips one way or the other depending on which site you’re visiting. You can of course turn off cookie processing by the browser per site or globally in most browsers these days.

A new system ( amongst a number of competing options ) called DoNotTrack has become the standard in current browsers and allows a website to understand that it should not track your usage on a specific site. It’s implemented in an http header field and is currently undergoing ratification by the W3C. Chrome is the only browser out of the current crop that does not support DNT but it should be coming shortly.

The only issue with DNT is that it’s an honour system where the website has to voluntarily take your DNT status/request into consideration and action it. That’s not to say all sites will. And the web-server itself needs to support DNT for this to work in the first place. So DNT is not perfect but it’s definitely a start.

For more information on DNT, take a look at the Mozilla and DoNotTrack.us sites.

So to the title of this post – you’d be surprised how much information is being collected about you as you trawl the web. In fact it is quite scary. How would you know? Install an add-on called Collusion in your Firefox browser and you’ll be able to see the cobweb of links that are created as you surf. Collusion allows users to see which third-party advertisers are monitoring their activities across the Web, by creating a real-time graph of these tracking cookies. The graph shows the sites you have actually visited, each represented by a circle with a halo around it, with lines connecting it to cookies the site or its advertisers have placed on your browser, each indicated by a grey or red circle. The red circles represent behavioural tracking sites, which monitor the links you click on, content you view and searches you make. Grey sites are non-behavioural trackers, but may still follow you around.

Not only is tracking an invasion of privacy ( that you may or may not be concerned with ) but it’s also a serious security threat. Many companies are storing huge amounts of data about many people on the web. That data could be compromised by crackers or an insider could use that information to gain competitive advantage outside of the tracking company’s immediate mandate ( eg. blackmail ). There are many scenarios where tracking data can be a bad thing.

Consider an average day where you are photographed and surveilled by cameras, you clock into work using your electronic keycard and walk through your business place, browse the internet and send emails, purchase food and other household items, and rent your movies and music online. Your mobile phone has location-based GPS and provides location-based services. These in turn are integrated with online social services. Your car’s internal GPS stores information about where you’ve been ( and where your home is ). Every single facet of your life is being catalogued and analysed, mostly in a bid to provide more focused sales and tailored services. But nefarious parties also have access to this data and that’s why we need to be more vigilant in what we do online and in our daily lives. Online banking fraud, predator stalking and physical harm are just some of the serious issues that can occur as a result of information that has been collected about us.

Privacy is something that is entrenched in our constitution ( and those of many other countries ), yet our online and electronic presence is mostly treated with little focus on privacy. It’s a worrying state of affairs. DNT is just one tool that can make your life that much more secure. Hopefully many more websites will start incorporating DNT policies into their systems, honouring the privacy that is your due.

Digital rights and your personal freedom

“We live in a democracy. Or so they told us.”

If you take a look at democracies around the world today, you’ll find governments that behave in a completely undemocratic way. One just has to look at the lengths the US has gone to, in undermining the Bill of Rights in the pursuit of terrorism ( well that’s the drivel the American people have been fed ). The freedom and liberties that are our due, per the constitutions that our countries are based on, are just tokens. The internet then, with its global-spanning tenet of freedom and open community, is an unbridled proverbial thorn in a lot of governments’ sides. It was easy 10 years ago to monitor telephone calls and snail mail. But electronic communications have changed this –  voice is now data, and data can be moulded into whatever you want. It’s no longer enough for the government to have systems that can intercept telephone calls through telcos; they now need to have access to data travelling through ISPs as well.

Everything you do on the internet can be intercepted, classified and interrogated. ISP’s are at the leading edge of the fight to resist government intervention however, there’s little they can do when laws are passed that legalise the the interception of personal data.

And if you look at a lot of the laws being passed around the world in democratic countries ( in the name of copyright control for example ), you’ll see that your freedom and your data are no longer your own. Big business ( read Hollywood studios and music producers ) have sold everyone a fat lie. The US government buckles under the pressure of sustained lobbying. They push for local sanctions against copyright infringers and then extend this through global treaties like ACTA and other laws. Internet censorship is not limited to the typical countries you would think of like China and Iran ( eg. China’s Great Firewall ). The US is doing similar things to what restrictive governments are doing, while at the same time condemning those governments. The UK government has a bill on the table ( Communications Data Bill ) that will allow them to read any email you send through your ISP. Australia have implemented a blacklist of sites that ISPs have to filter ( well they tried and failed ). Many other western democracies are enabling similar projects under the guise of protecting their citizens.

But that’s all it is: a guise. Our constitutions guarantee our freedoms and our governments take them away. So it’s important to understand the facilities you have at hand to protect your freedom and privacy while working online.

  • Always use https ( instead of http ) for websites if possible when surfing – this will encrypt data between your workstation/device and the target website. Your bank will use this automatically for online banking.
  • Make use of a privacy tool like Tor/Privoxy – this will obfuscate your web surfing data including dns queries
  • Do not expose personal details about yourself online, especially on social networking sites
  • Bittorrent is increasingly being monitored by copyright control companies; use alternate methods for downloads like https-based news systems
  • Use an encrypted  SMTP service ( also known as TLS ) for sending email

You can also monitor sites like the Open Rights Group that provides information on the attempts of governments around the world to censor and control internet usage. Moral of the story: stay safe and be careful what information you put on the internet.