8 replies to this topic

[iamlost]

There is a fascinating article by Nik Cubrilovic, Logging out of Facebook is not enough, which details how FB tracks registered users around the web.

While it is well worth FB users reading and understanding the extent and consequences of (and defence against) the FB widget web I thought it worth mentioning that tracking by widget or app is not restricted to FB. Or even to sites requiring registration. Nor is the idea or it's practice new.

Let us take that most open innocuous type of site, the information site, that wants to better (more accurately) segment it's audience, better target conversion offerings, etc. No registration required, come one come all.

Create one or more widgets/apps that complimentary sites (even competitor sites ) will be willing to insert on their pages. Include a cookie or other identifier. As the person browses about the web each time they visit a page with the widget/app it collects, stores, and should they finally show up on the widget providers site drops data. Depending on the reach and saturation of the widgets/apps the additional information could be marginal to definitive.

Should the site be (or be affiliated with) an ecommerce site real personally identifiable information can be combined with previous browsing history enabling highly targeted followup and up-sell opportunities. As with FB one could, at a minimum, better target one's direct sale ads for improved performance and so justify higher rates.

Remember several years back when javascript was being used to read CSS visited link colour of a preset list of URLs? Well the methods have become far more complex and pervasive since then. The above is but the tip of the current visitor data tracking/mining, the naive olden days.

And it is only going to become deeper and darker.

[jonbey]

I never log out of Facebook

[A.N.Onym]

"Important Update: Facebook has responded and issued a fix for this issue. See the follow up blog post "Facebook Fixes Logout Issue, Explains Cookies"".

But thanks for a reality check, iamlost. We can never be too careful about hiding ourselves amidst the bushes.

[Black_Knight]

can never be too careful about hiding ourselves amidst the bushes

Hey, that's not the 'use of flash ' people mean, Yuri :nah:

[iamlost]

Re- the FB 'fix': when is a fix not...?
While the a_user cookie is now destroyed on logout (for the moment) and FB says it did not store or use any information it should not have :rofl: the other cookies remain as were; the logged out tracking is less robust but remains.

However, my real point was not FB but rather to use the story about FB to point out an increasingly pervasive behaviour by businesses. Did you know that dictionary.com is a major offender? A visit there loads hundreds of cookies most from various tracking networks building profiles for sale (yes, dictionary.com 'sells' cookie dropping).

I suppose you think the purpose of the like, tweet, or +1 buttons are simply promoting a social activity without ulterior motive? Ha.

Add in the associated rise of persistent cookies and similar objects...

Marketing has it's own grayscale ... and it is far more insidious than ye olde SEO headwear.

[jonbey]

Oh, +1 must be everything but (or almost everything) social. It's going on adverts. I cannot think of a single benefit to publishers and yet we are expected to have them. The benefit is for Google - to provide more targeted advertising. This, in my limited experience, does not always means the best adverts for a publisher. Increased CTR and reduced CPM can result when a user sees the naff adverts that he likes.

[iamlost]

And it just keeps on getting funner...
Amazon's Silk looks creepily Phorm-ulaic by Andrew Orlowski, The Register, 29-September-2011.

...the Silk privacy policy is complex and contradictory. It's far from clear whether a Silk user's HTTPS traffic is also intercepted... The device's MAC addresses will be discarded, along with other identifying information, after 30 days. That strikes me as a moot point: Amazon already knows who you are. After 30 days, Amazon will have all the behavioural data it needs.

"If you buy a Fire device, think carefully as to whether your privacy is worth trading for a few milliseconds faster web surfing experience," suggests Wisniewski.

The reason that the Amazon Fire 7-inch tablet is listed at $199 is that it is highly subsidised. So much so that it likely will obliterate non-iPad competition or at least cause them to hemorrhage cash. Yes, that might be reason enough to low-ball a product and is Amazon historic practice.

However, given the Silk proxy server data collection ability I see this as a two for one: data mining par excellence and competition elimination. Given sufficient better targeting I suspect that if given appropriate credit the Kindle Fire will actually show a profit per unit rather than a loss.

[A.N.Onym]

This gives buying a tablet a whole new dimension of thought

Now, don't other tablets do the same? I'd expect Apple to do something similar for itself, without selling it to anyone, too.

Edited by A.N.Onym, 29 September 2011 - 09:43 PM.

[glyn]

I run ccleaner when I'd rather not be tracked.