Make reclaiming your online privacy a priority in 2020
With the right tools you can continue to use your favourite sites without being surveilled
If you feel like a past web search or purchase is following you around the web in the form of ads popping up everywhere from Facebook to your favourite news sites, this is because they are thanks to these trackers. Photograph: Getty
Let 2020 be the year you reclaim your online privacy. Stop third party advertisers dead in their tracks as they attempt to follow your every move online.
The crucial thing to be aware of is that every time you visit a website, what you see is not what you get. The code that goes into making a website has several purposes: on the surface, it loads the content you can see in front of you but in the background it runs scripts and loads trackers from external sources including third party AdTech companies.
If you feel like a past web search or purchase is following you around the web in the form of ads popping up everywhere from Facebook to your favourite news sites, this is because they are thanks to these trackers.
Leaked Facebook documents showed that the social network told advertisers that it could monitor posts in real-time to tell when young people were feeling insecure
And should there be an opt-out (some third parties offer this) it usually means you are opting out from being shown targeted/personalised ads but not being offered the chance to opt out of your online behaviour being tracked.
Right now, scores of AdTech, data brokering companies and even credit rating agencies have comprehensive profiles built up about your online browsing, shopping, and socialising habits.
Each time you click or tap another tracker is activated and some more information is added to this profile, which can in most cases be linked back to an
Affecting browsing experience
A 2018 study from browser privacy company Ghostery found that almost 90 percent of all web pages load at least 1 tracker while 65 percent had at least ten, and 20 percent of all webpages loaded 50 or more.
This is concerning because it is the online equivalent of having CCTV pointed at you from every street corner but with cameras that are all connected and share your comings and goings with each other.
The end result is they probably understand your browsing habits more than you do and can use it to sell you things in creepy ways. For example, leaked Facebook documents from 2017 showed that the social network told advertisers that it could monitor posts in real-time to tell when young people were feeling insecure, stressed or in need of a confidence boost – a time when many individuals indulge in some retail therapy. A company could bank a lot of money with a convenient ad in the right place at the right time.
An extreme case from Germany: a public webpage about maternity was found to contain trackers from 63 different AdTech companies
A secondary concern is how these trackers are affecting your web browsing experience: On average, Ghostery found that websites containing active trackers took twice as long to load compared to those using a tool to block these trackers.
And there is what is known as the piggybacking problem: a website owner might only give access to one third party AdTech company but this company may give access to additional piggy backers including data aggregators who make money by compiling data on individuals from various sources and selling it on to yet more organisations.
Incidentally, Facebook isn’t even the big kahuna when it comes to online tracking. That honour goes to Google. A 2019 study on ad tech surveillance across public sector websites by online tracking compliance firm CookieBot shows that Google controls the top three tracking domains found in the course of their research: youtube.com, doubleclick.net and google.com.
Furthermore, Google tracks website visits to 82 per cent of government websites across the EU.
In response the study, Eliot Bendinelli, lead technologist with the Data Exploitation Programme for Privacy International (PI) said: “The AdTech industry is at the very core of today’s data exploitation. The industry collects, processes and shares vast amounts of data, yet operates out of the public eye.”
‘Sensitivity of information’
Privacy International is a non-profit dedicated to online privacy advocacy. It has in the past filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with the relevant data protection authorities in Ireland, France and the UK.
“[CookieBot’s research] highlights both the industry’s pernicious practices to track users and collect personal data as well as the lack of awareness of websites owners and developers in regard to these trackers. It also highlights the potential sensitivity of information that can be collected when these trackers are embedded on health-related websites.”
What Bendinelli is referring to here is the extent to which citizens are tracked by these private companies when they access health information on government websites. The study found that 52 per cent of landing pages on national health services contain third party ad tracking.
An extreme case from Germany: a public webpage about maternity was found to contain trackers from 63 different AdTech companies. You can imagine how lucrative this particular market is and the ick factor of knowing that accessing information related to your health is not private as it should be but rather added to a profile these companies keep on you.
“[The study] has exposed the firms that surreptitiously listen in when a vulnerable person goes to their government for advice about mental illness, HIV, alcoholism, etc. The list of offenders includes some of the biggest technology companies in the world,” said Johnny Ryan, chief policy & industry relations officer with privacy-oriented web browser Brave.
And if you didn’t know, now you know.
At this stage you might be starting to realise that dumping Google Search in favour of a very decent privacy-oriented alternative like DuckDuckGo is not going to solve all your problems.
It might mean that internet searches are not tracked but you still have no control over trackers on other websites. Beside which, if you have been using Google Search for years it has its good points: having your search history to hand and saving time with autocomplete via personalised predictions and recommendations.
A set of robust browser plug-ins can help with this. A good place to start is on the Electronic Frontier Foundation (EFF) website. This US-based non-profit has been in operation since 1990 with the aim of defending civil liberties in the digital world. If you only install one browser plug-in then choose EFF’s Privacy Badger.
Privacy Badger sends a Do Not Track (DNT) request to third parties including social media companies, analytics companies and advertisers. Most browsers already have their own DNT settings and a DuckDuckGo survey from 2018 indicates this is an important feature for users with privacy concerns: 32.3 per cent of Firefox users, 24.1 per cent of Chrome users and 25.8 per cent of Safari users have this enabled.
While some companies honour this request the truth is that it is not enforceable, so many don’t. It’s a bit like eschewing a bike lock in favour of a sign saying “do not steal”.
When Privacy Badger detects that its DNT request is ignored, it automatically blocks the third party, advertiser or not. You can always check the list as you browse and unblock any you feel are necessary or benign. Additionally, if there are websites you visit regularly and want to be excluded they can be added to a list of disabled sites in settings.
Privacy Badger is not an ad blocker so it doesn’t work on the principle of blocking using a blacklist; it gets better at knowing what trackers to block as you use it. It looks for three kinds of trackers: cookies, supercookies, and fingerprinting.
Cookies are the most common kind of third-party tracking tool and they are the simplest to detect but supercookies work by running a script that operates within your browser’s local storage and are therefore more difficult to detect. In order to collect data on your browsing behaviour the supercookie must keep returning to local storage and this activity is classified as tracking by Privacy Badger and subsequently blocked.
NoScript is not for the faint of heart. This browser plug-in works from a whitelist but relies heavily on the user to weed out what scripts they want blocked and what they will allow.
Not all third parties track and not all trackers are third parties. A third party like a video plug-in just wants to do its job (although YouTube loads trackers too) and ‘first party’ trackers are needed to recognise a visitor eg the Irish Times will note when you visit the website and recognise you when you return.
These scripts are not designed to track your behaviour across the web so blocking them might result in loss of functionality on the website in question.
The point is, there is a balance between blocking every tracker and script for ultimate privacy and ensuring a non-wobbly web browsing experience. You need to read up a little and learn to recognise what scripts might be essential and free them is they’re caught in the NoScript net.
What NoScript will do for you is eliminate the risk of what is known as clickjacking or scripts that run hidden elements on websites which the user could unknowingly click or tap on, triggering actions such as turning on their webcam or, worst case scenario, taking control of their device.
Now that you have these plug-ins installed visit EFF’s Panopticlick. It carries out an audit of your browser and gauges how effective your various plug-ins are in detecting tracking techniques.
Privacy Badger and NoClick appear to perform well on blocking both tracking ads and invisible trackers but my browser is not completely protected from fingerprinting it doesn’t have a completely unique fingerprint any more so the information collected by third parties using this tracking technique is less valuable to them and it makes me less identifiable.
Protecting your smartphone
If you run Panopticlick on your smartphone, you’ll see a different picture. Plug-ins are not an option but there are several privacy-oriented browsers out there that you can use instead of Chrome or Safari.
DuckDuckGo, as previously mentioned, is a good option as is the Ghostery browser, which has a focus on ad-blocking and tracker protection.
Should you choose to stick with Safari make sure to turn on Limit Ad Tracking in general phone settings and within Safari itself, switch on Prevent Cross-Site Tracking and Block All Cookies.
Finally, remember that all your other apps are collecting and transmitting data in the background. Limit this by turning off background app refresh. If this feels inadequate, then consider a VPN (virtual private network) app like Disconnect.
It protects not just your browser from trackers but your entire device. As with Privacy Badger, you can see what trackers it has blocked but it is an all-in-one app that also protects against wifi snooping and sends alerts keeping you up-to-date on security breaches. It’s not cheap: €13.49 per month or €51.99 annually, but it could be the best gift you’ve ever given yourself.