The number of trackers collecting information on user’s activities online has been steadily increasing. Data brokers are companies that gather publicly available information about a user and sell it to third parties that may find it useful. These companies analyze a plethora of data, including information such as zip code, income, ethnicity, search history, to name a few examples (http://finance.yahoo.com/news/keep-data-brokers-from-tracking-you-online-anonymously-202256230.html). Some of this information is sold to marketers, employers, and government agencies. What this information is used for depends on the context. Some is used to screen potential employees, background checks, and personalize online advertisements. This has raised some unease regarding security and personal privacy.
The level of online privacy is decreasing as their is a growing disconnect between increased leakage to, and by, aggregators with methods for protection. “Leakage” is defined by Krishnamurthy, Naryshkin & Wills as any distribution of a user’s private data to a third party site. First party sites distribute information to third parties to obtain analytics catered to the user’s interests.
Krishnamurthy, Naryshkin & Wills (2011) used Alexa.com to draft a list of websites that provided users the ability for registration and signed up for accounts. They identified the ten most popular websites out of seventeen categories. Social networks based on the web was a special category because they contain sensitive information. Leakage was observed when upon confirmation of an account. When logging in and navigating through the website, private information was given to an unidentified third party server. It appeared as though it was a first party domain, but was actually a third party address. The results depicted that 56% of the sampled websites directly leaked private information to at least one third party domain. Additionally, 48% of the websites leaked a user ID to third-parties. This occurred mostly through social networks. Combined, 75% of the websites directly leaked the user ID or private information to at least one third party.
Instances of Data LeakageEdit
The Wall Street Journal was found to be passing user’s names and emails to third parties. In response, they claimed that it was done in error and they are working to correct the situation. The Wall Street Journal has a data protection policy which forbids sharing or selling personal information. The children’s site, ClubPeguin.com, tested positive for providing usernames to twelve separate companies. Disney stated that these third parties are not allowed to use the information for anything besides specified purposes, such as ad serving and traffic reporting. The receivers of this data claim they do not keep the usernames. Pandora admits to using the first half of a user’s e-mail address to track ad traffic. They use gender, age, and zip code information to provide the user with relevant advertising. This is an occurrence that exists on most websites that allow for user registration.
Methods for Maintaining Individual PrivacyEdit
If a user is looking for privacy from third parties, they may simply delete their cookies, or use two different machines to visit the same website. However, if an aggregator develops a globally unique identifier (GUID) for a user, than the aggregator is able to create linkages that relate to the user’s records regardless. This is especially possible if the user is a frequent visitor of a website and the website consistently leaks information to third parties. An example of a GUID would be using the same email address for registration across multiple sites. Moreover, there are also instances where one site leaks the GUID of a user on a different site. For example, if a user were to visit two different News sites and share a story on their Facebook, that user’s Facebook user ID is stored in the first party’s cookies and leaked from these respective sites to hidden third parties. IP addresses may also be used to create linkages without using cookies.
Federal Trade Commission (FTC)Edit
The Federal Trade Commission (FTC) is a branch of the United States government that is intended to protect the country’s consumers. The FTC is working towards enforcing Privacy by Design, an initiative that would provide privacy settings within websites and software by default. However, they have not addressed a number of privacy issues. Their official website outlines that online privacy and security is each individual user’s legal responsibility. The FTC has not assessed whether or not there are successful safeguards regarding linkage of data when economic acquisitions of aggregators occur, which is a frequent circumstance. Also, they have not looked into if aggregators in agreements with first-party sites are enforcing their policies or the terms outlined in said agreement regarding data leakage. It has not been verified whether users have the right to erase their personal data stored by the aggregators or hidden third party tracking methods.
- ↑ David Jr, E. E., & Fano, R. M. (1965, November). Some thoughts about the social implications of accessible computing. In Proceedings of the November 30--December 1, 1965, Fall Joint Computer Conference, part I (pp. 243-247). ACM. Retrieved from http://www.multicians.org/fjcc6.html.
- ↑ Singer, N. (2012, November 12). More Companies Are Tracking Online Data, Study Finds. Bits More Companies Are Tracking Online Data Study Finds Comments. Retrieved from http://bits.blogs.nytimes.com/2012/11/12/more-companies-are-tracking-online-data/?_php=true&_type=blogs&_php=true&_type=blogs&_r=1
- ↑ 3.0 3.1 3.2 3.3 Krishnamurthy, B., Naryshkin, K., & Wills, C. (2011, May). Privacy leakage vs. protection measures: the growing disconnect. In Proceedings of the Web (Vol. 2, pp. 1-10).
- ↑ Privacy and Security | BCP Business Center. (n.d.). Privacy and Security | BCP Business Center. Retrieved March 29, 2014, from http://www.business.ftc.gov/privacy-and-security