We know where you’ve been on the Net, and we don’t need no steenkin’ cookies!

I’m not overly paranoid about people knowing where I’ve been on the Internet; I’m aware that it’s pretty easy for a website to feed your browser ‘tracking cookies’ that can be used for marketing and advertising purposes, and these can then be picked up on other sites, thus providing a path of footsteps that you have followed online.

Which is why I clear my cookies regularly, and set my browsers to only accept cookies from sites that I want to accept cookies from. But I can see that in some parts of the world, your browsing history might be of great interest to Government and Law Enforcement, and I’m sure that many of the larger online retailers would love to get their paws on a good, reliable and hard-to-circumvent method of looking at what common interests people have. Even if you’re anonymous, it can be of great use to companies to know what sorts of sites you visit, because they can then use data mining techniques to derive information on what other sites or products you might be interested in. For example, if you’re an Amazon user, you’ll be aware that you get recommendations of the ‘We see you’re interested in x. Other people interested in x also bought y and z’ kind.

Now…let’s take this a little further. I was browsing around the other afternoon and came across this site. Give it a try – it’s under the auspices of the Electronic Frontier Foundation. I don’t know what it came back with for you, but my ‘fingerprint’ was pretty darn rare – I guess it’s inevitable because of the various things I have installed on this computer for work. The site looks at the information sent by your browser to the site, and uses it to derive a ‘uniqueness’ factor – a sort of tag. For an out-of-the-box installation of an Operating System, I’d expect that there would be quite a few people whose fingerprints are essentially the same. But the more you tweak and configure and install stuff on your PC, the more unique it gets…to a point at which it can identify your PC uniquely, with very few errors.

And all this without it ever putting a cookie anywhere near your PC.  Now, there are ways around this – there always are – but they’re not the sort of approaches that the average man or woman in the street would take.
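To make the ‘uniqueness’ factor concrete, here is an added example (not from the site mentioned above, and not part of the original post) that measures how many visitors in a sample share one browser configuration. The attribute names, the eight visitors and the use of surprisal in bits as the measure are all assumptions made up for illustration.

```javascript
// Constructed sample: attributes a site can read from a request, for 8 hypothetical visitors.
const ATTRS = ["userAgent", "timezone", "screen", "plugins", "fonts"];
const stock = { userAgent: "BrowserA/1.0 (OS-X)", timezone: "UTC+0",
                screen: "1280x1024x24", plugins: "", fonts: "default" };
const population = [
  stock, { ...stock }, { ...stock }, { ...stock },      // four out-of-the-box installs
  { ...stock, timezone: "UTC-5" },
  { ...stock, timezone: "UTC-5" },
  { ...stock, screen: "1920x1200x24", plugins: "pdf" },
  { ...stock, screen: "1920x1200x24",                   // heavily customised work PC
    plugins: "pdf,java,vpn-client", fonts: "default+dev-fonts" },
];

// The fingerprint is only the attribute values joined together;
// nothing is stored on the visitor's machine.
function fingerprint(visitor, attrs = ATTRS) {
  return attrs.map((a) => `${a}=${visitor[a]}`).join("|");
}

// How many visitors in the sample share this fingerprint (the anonymity set).
function anonymitySet(visitor, attrs = ATTRS) {
  const fp = fingerprint(visitor, attrs);
  return population.filter((p) => fingerprint(p, attrs) === fp).length;
}

// Surprisal in bits: log2(sample size / anonymity set).
// 0 bits means everyone looks the same; log2(N) bits means unique in the sample.
function bitsOfIdentity(visitor, attrs = ATTRS) {
  return Math.log2(population.length / anonymitySet(visitor, attrs));
}

// Report for the stock install and the customised PC, then per attribute.
const custom = population[7];
console.log("stock install:", anonymitySet(stock), "lookalikes,",
            bitsOfIdentity(stock), "bits");
console.log("customised PC:", anonymitySet(custom), "lookalike(s),",
            bitsOfIdentity(custom), "bits");
for (const a of ATTRS) {
  console.log(`  ${a} alone:`, bitsOfIdentity(custom, [a]), "bits");
}
```

In this sample no single attribute singles out the customised PC, but the combination does, which is why clearing cookies has no effect on it.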

So what sort of ‘advantage’ would such a technology offer online companies, Government and the Security Services?

Now, this is pure supposition – I have absolutely no evidence at all that this is happening or is likely to happen…but let’s pretend.  We’ll assume that a number of large online companies have collaborated on sharing this fingerprint data – basically you visit a site or even a page – or maybe even do searches for certain subjects – and your electronic fingerprint is tagged on to that fact.

Scenario 1.  You do a search for information on equipment to help you avoid speed cameras.  Later that day you go to buy car insurance.  The insurer does a quick check on your ‘fingerprint’ against topics of interest to it – including sites offering legal advice for people caught speeding and also sites that inform or advise on speed traps.  You show up – you’re declined.

Scenario 2.  You’re interested in computer hacking – maybe even researching a book.  You visit a number of sites of interest, look at books on Amazon and such.  A few weeks later a major ‘hack’ happens and the authorities look at the electronic fingerprints of everyone who may have researched the topic.  You will show up.  This fingerprint is then circulated around ISPs who note that it is one that is associated with your Internet account.

Scenario 3. You’re gay in a country run by a repressive regime.  You visit web sites where the fingerprinting is being done for commercial marketing reasons.  The security services of your country get hold of this data, either by buying it or stealing it, and run a check of those fingerprints against the ones that are on file with the ISPs of that country.  You will find yourself in major trouble.

There are ways around this technique – it’s easy to go through proxies, and possible to strip all this sort of identifying data off the packets that go to web sites. And people who’re genuinely worried (or have reason to avoid this sort of inspection) will no doubt be doing this. But for the vast majority of people this simply would be yet another means of intrusion into our private lives.
