Online Tracking and Profiling of All Your Activities

online tracking & profiling

Online Tracking and Profiling: Worse than you Think and Soon to Become Nightmarish

The most evident way online tracking & profiling shows up is the online ads served to you. It can be embarrassing when showing a mainstream website to a friend, colleague or your partner only to have it display lots of invasive or even inappropriate ads.

Sometimes the ads displayed are directly related to the websites you have visited, the searches you have conducted or the products and services you have researched or purchased. This happens because the online advertisers and their multitude of digital minions know very well what you are spending time looking at, searching for, playing with, and purchasing.

Other times, it is simply because the ads fit your general profile or characteristics. For example, maybe you have been categorized as a single, upper income, 30- something. In such a case you may be targeted for ads thought to appeal to this target group even though you have no interest in them.

The accuracy of the online tracking and profiling is getting downright scary. Although the tracking and profiling firms are not supposed to have data that identifies you by name, your name hardly matters anymore. The profilers may know far more about you than most of the people who do know you by name. In short, the profilers know your online secrets. This is why the ads you get can be so specific and accurate.

The oft-quoted example is the one about these profiling firms knowing that a woman is pregnant before her own family knows. The profilers gain this insider knowledge based on the websites that the mother-to-be is browsing, the health-related articles This tracking and profiling also means that those invasive ads tend to follow you. The boss may not be so impressed when you show her a work-related article and the ads displayed side-by-side the article provide a little too much of a glimpse into things you would rather keep private. Or when you are showing your partner a recipe online and the site is also serving up embarrassing ads based on little more than your general profile or on an errant or ill-advised click you made while mindlessly browsing the web a few days earlier.

How Do They Do This?

IP Address Tracking

Your Internet connection leaves a trail of sorts that becomes imprinted on all of your online activities. This fingerprint is foremost your IP address. Browser web page requests (and your browser’s cookies), web search history, email messages, social media activity posts and much more will normally all leave behind remnants of your IP address in one way or another.

Once someone has your IP address and has linked you to it, they can easily target you for purposes that range from the annoying, such as building a profile about you that marketers and data miners can track and exploit, to the alarming, such as snooping on what you are downloading or making targeted hacking attempts against your devices.

Cookies, super cookies, flash cookies, bugs, beacons and a variety of third party elements (TPE) can be used to determine your IP address and then be cross-referenced and linked to your email address(es), social media profiles and other accounts.

To see how you are tracked by your IP address, go to https://www.cogipas.com/whats-my-ip/. The sites listed there demonstrate what is just the tip of the iceberg about the kind of hidden information that your web browsing activities reveal. Increasingly, your online digital fingerprint is being determined by other factors too.

Device Fingerprinting

The technology used for tracking you online is already moving away from IP addresses to other more sophisticated means. This trend is on the rise because the trackers and profilers (and other snoops) want to follow you across all your devices as most of us are now using more than one and many of us are using three or more devices.

In addition, some of your devices, such as smartphones, don’t rely as much on IP addresses. But even on IP-driven devices like desktop computers, laptops and tablets, the tracking is no longer relying on IP addresses alone. Now, the combination of the browser, plugins, apps and fonts installed on your device can themselves make for as unique an identifier as your IP address. This technique is called device fingerprinting. When combined with more traditional IP address tracking, the results are even more accurate.

They are Following You Too

The tracking has become so smart and pervasive that you are now tracked across your different devices (your desktop computers, laptops, smartphones and tablets, both at home and at work). The tracking also works across all the operating systems your devices use (whether Windows, Android, Mac O/S, iOS or Linux).

It used to be that the activities you undertook on your different devices were tracked independently and sealed off from one another. So, maybe it was okay to use your home desktop computer for more sensitive web browsing activities. But that’s no longer the case. Now the online tracking and profiling has become so good at cross-referencing the data that all of your activities, even across different devices, locations, operating systems and platforms, is all merged and combined into a mightily accurate and comprehensive profile.

This is also why potentially invasive ads now follow you from your desktop computer to your laptop, to your tablet to your smartphone, whether at home, work, in transit or on vacation.

Add it all up and the trackers and profilers can follow you across all your devices all the time, anywhere, and they don’t have to rely solely on your IP address. The Electronic Frontier Foundation’s Panopticlick website at https://panopticlick.eff.org/ aptly illustrates this point.

But Online Tracking is Even Worse Than You Think

I’m afraid the reality is far worse than that. Even if targeted ads are the most visible use of your profile, they probably represent its least intrusive use. If advertisers are able to use your profile to serve up extremely personalized ads and calls to action, imagine what else is being or can be done with your profile that you never even see?

Also, a little voice should be telling you: if the tracking and profiling firms have this information and are providing your profile to online advertisers, who else are they offering it to? And for what purposes?

There’s a fear that governments, insurance companies, financial institutions, employers, or any third party might also be making use of such information for their gains. For example, your profile could be used to determine:

  • whether you represent a subversive risk to your government
  • whether you might pose a risk for drug or alcohol abuse or whether you may not be quite the “right fit” for a potential employer
  • whether you qualify for a loan or insurance coverage
  • the variable price you are charged for goods or services (different prices being displayed to different people for the same products or services)
  • whether you should be accepted as a member to a club or society
  • whether you are a suitable match for a potential mate
  • the possibilities are endless

In fact, it may only be a slight exaggeration to say that our profiles and the data used to build them are becoming a substitute for blood, urine, and genetic testing. However, unlike the tightly regulated testing of these substances, how and by whom your online profile is used is still the Wild West; anything goes.

A related symptom of this phenomenon is the alarming trend of employers asking job candidates for their social media passwords. Currently this takes the form of the potential employer asking for the password directly and poking around your social media account or by asking the job candidate to login with the scrutinizing employer taking a look.

The Shape of Things to Come

Furthermore, building on the example above, any kind of physical presence is probably already unnecessary. Now, the potential employer (or whoever) need only send a link or app to the target subject and, upon them providing consent by a simple click (if you don’t accept you cannot be considered for the job) or perhaps even without any express consent (such as a beacon embedded in the job application page itself), the target’s metadata and profiles are near instantly accessed and cross-referenced allowing the employer to make a decision on the candidate’s suitability. This could happen just as easily for medical insurance coverage, financial products, dating websites, any goods or services; it’s all coming folks.

The richness of the profile information being harvested, cross-referenced and bundled is staggering and can already provide a good predictor of who would be a reliable employee, insurance customer, borrower, customer, client, mate and perhaps even citizen. Never mind a sample of your blood, urine or genetic material for testing, you may be evaluated based on your online profile.

Top Tip – To get a sense of this check out sites such as Cambridge’s Apply Magic Sauce http://applymagicsauce.com/ and MIT’s Immersion https://immersion.media.mit.edu/. These sites analyze your Facebook likes and email metadata, respectively, and present you with sometimes very interesting results. These demonstrations give you a small glimpse into how online trackers and profilers may be using the same information.

What’s worse, if you are rejected or discriminated against on the basis of your profile (information that, I hasten to add, may be based on completely wrong information), you may never know it, let alone have an opportunity to correct it. This could translate into a lost job opportunity, being rejected for insurance or a loan, paying a higher price for goods or services, being deemed ineligible for a membership etc.

The current reality may not be this bad yet, but sooner or later all of your online habits might find their way into your profile(s) and have consequences that you may never have appreciated or even become aware of.

Do you really need any more reasons to keep your online activities private and your digital profile as protected as possible?

The good news is that these risks are preventable, at least mostly preventable. The bad news is that though the basic steps to reduce these risks are easy, the tracking is difficult to completely prevent and will only get harder to prevent in the future.

Related:

 

September 3, 2018

Leave a Reply

Your email address will not be published.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}