We have all heard by now of the massive surveillance being conducted by the NSA and other governments across the world. China is a well-known anti-privacy country and others have decided to also spy on their citizens’ social network activities amongst other things. The Internet censorship trends are getting pretty bad.

Privacy has been dealt a severe blow with the advent of technology. Before all the high-tech stuff we use today, government agencies had to physically tap our phone lines and/or bug our homes, social gathering venues, plant moles in political groups, and this all usually happened with some level of judicial/government oversight and legal process, i.e. warrants, etc. It wasn’t perfect and there were atrocious violations of people’s freedoms and rights, e.g. the infamous COINTELPRO FBI program, but these actions were probably easier to spot and not as pervasive as they are now. With the advent of technology, all bets are off.

Widespread surveillance can now be done without anyone ever coming near you and can be done at a larger scale with computers. Most of us use technology in one form or the order: we have email accounts running on remote servers (gmail, yahoo, etc), we send text messages, use cell phones, voice over IP (VOIP), Skype, interact with social networks, upload pictures online, online banking, pay bills online, etc. Technology has become the backbone of society and it looks like there is no turning back.

While the government spying is something that should concern us and prompt us to take action to stop it, therein lies a hidden threat most people have completely overlooked: the private sectors gathering of data.

Everyday while you surf the web, there are tens if not hundreds of companies tracking you as you jump from site to site. We will focus on one of the biggest collectors of data – Google. You are probably saying to yourself now: “This is BS how are they tracking me? I use them for search and email only and then only visit other non-Google properties online after I have logged off from Google, this can’t be correct”. Well my friend, I hate to break the news to you, but they probably are. They have created software that gives webmasters tracking ability for free. Some of the data webmasters have access to when they install the Google Analytics code onto their pages are:

Who is coming to their site What technology they used to get there, i.e. mobile Safari iPhone browser, Android device, desktop browser and desktop type, etc Demographics Region of the world Time on page(s) Unique visits Returning visits Actions taken on the page (this has to be programmed against Google’s Analytics API)

There are lots of other data points it provides that would probably scare your pants off.

Now, this is not to say that the webmasters are evil and selling us out, they may just not be aware of the implications and know of no other alternatives (we use piwik on this site and host the data on our servers). Webmasters have a genuine need to know how many people are visiting their sites and what parts of the site people are engaging with most so that they can make the site better for their users. Webmasters in general are using the data to make better decisions as to how to evolve their site. They can also share the traffic numbers with advertisers to help them earn some money from advertising partners. This is what allows a lot of stuff on the web to remain free. The problem lies with the Analytics providers — Google in this particular case.

Analytics providers can store what are called 3rd party cookies on your computer for different purposes (if you interested in watching a short video on how 3rd party cookies work you can view this 3rd party cookie video). These cookies travel with you all throughout your web surfing day(s) and can be accessed by these Analytics companies when you visit other sites that have their Javascript code imbedded into the webpage. For instance if you visit the Huffington Post (which as of this writing uses Google Analytics), then leave them and go over to the LA Times (which also uses Google Analytics), this all potentially gets recorded in a bunch of 3rd party cookies that Google can access and correlate with other cookies they have placed on your machine. This helps them build a better profile of you, which then can help them with their targeted advertisements to you. They can also sell this in some form to other parties. In addition, having this data makes it a desirable target of government agencies and saves them from having to collect the data on their own. They can easily obtain this data under extreme secrecy and the details of their data requests will never see the light of day. The number of requests are a secret, just the numbers, what they are actually getting will probably never be revealed.

Many other companies unknown to most do this, but some other well-known companies like Facebook and Twitter also do the same thing. Seen any Facebook Like buttons on pages you have visited? Twitter tweet buttons? Google +1 buttons? All these buttons are code running on the website that can be potentially tracking you across the web. This may not concern some of you, but remember lots of these analytics are running silently across the web, and yes even in porn sites. If you are into that kind of stuff just be mindful of that.

Another group of people collecting data about us are the places we tend to shop online. Ever wonder how Amazon.com could recommend those books you just saw in your inbox? How Netflix.com knows what kind of movies you might want to watch next? Now I am the first to admit, some of this stuff is actually useful and I like to see new books recommendations in my inbox for stuff I might be interested in. Lots of the time they provide real value for me. But this is something people should know about when they use these services.

The last group of people we wanted to talk about are offline entities, i.e. your banks and credit card companies. These guys have lots of intimate data on us: our spending habits, times and dates we have purchased stuff, where will purchased the stuff (online/offline), wire transfers we have made, and of course how much money we have with them. This is an incredible amount of information that can be harvested for lots of different kinds of indicators and analytics. Larry Ellison, CEO of Oracle Inc, talks about this in this clip (starting at 2:37, we do not agree with him totally):

The part that scares me the most is them knowing exactly what it is you like to buy and from who. I have nothing to hide but that is not a permission slip for my life to be an open book. As we get closer and closer to a cashless society, this will be in my opinion, a potential weapon used against people if the wrong kind of legislation gets in that makes this data available to the Government (if a law does not exist already allowing them free access to this information without a warrant) or is openly shared with insurance companies, creditors, etc.

What can be done about these web based intrusions to your privacy?

How to protect your online privacy

The first tool you want to have in your arsenal is Ghostery. Ghostery shows you all the invisible web trackers running on websites and gives you the option to block them if you want. The site has a very good video explaining how it works. One word of caution though: some sites may cease to function 100% when it is turned on. So if you install it and see that some sites are starting to break, you can temporarily pause it while visiting that site if you wish.

The second tool on the list is DoNotTrackMe. This provides more protection and functions similar to Ghostery. This tool gives you a bit of more information. It shows you how much blocking has been done for you over time and it distinguishes between the kind of trackers it finds on sites: social trackers (Facebook, etc) or regular trackers (Google Analytics, etc).

These are essentially plugins that deal with stopping trackers running in websites on your desktop computer. Another thing you can do is use private browsing that exists in most modern browsers. The Firefox browser says the following about its private browsing functionality:

“In a Private Browsing window, Firefox won’t keep any browser history, search history, download history, web form history, cookies, or temporary internet files. However, files you download and bookmarks you make will be kept.”

This functionality is great for blocking normal cookies largely (some more devious cookie methods exist that may be harder to prevent until browsers evolve) but there are set of cookies that bypass this and those are the Flash based (Local Shared Objects LSO) cookies you might get from sites like YouTube.com or any other site using Flash. Howtogeek.com does a great job of covering this and all the steps you need to follow can be found at How To Remove Flash Cookies From Your Computer. There are also Silverlight cookies (sites like Netflix use this Microsoft plugin) and they can be deleted by following the instructions here.

As far as mobile platforms are concerned, i.e. tablets and smart phones, we will have to resort largely to private browsing or downloading Ghostery for instance on some of these mobile platforms.

“Anonymous” browsing in the age of spying

If you want to go a step further, you may want to look into the Tor project, Proxy servers, and alternatives online services that provide for better respect for user privacy. This link has a comprehensive list of alternatives tools and measures you can take to protect your privacy. You can go all the way and just use open source software or free software like GNU Linux etc., or you can just pick and choose what you want to use according to your needs.

Final words

In this age where high-tech is being deployed as a spying tool by some of the world’s most sophisticated groups, it is virtually impossible to full proof yourself against the plethora of techniques they have at their disposal. These people hire some of the brightest people in the world, ranging from mathematicians to super computer geeks to crack and track the world. Private companies also hire the smartest people money can buy and then provide great incentives to webmasters and the rest of us to participate in our own undermining. All we can do is take action to protect ourselves privately and openly protest them politically, or just re-invent the way things are today and think out of the box. We refuse to believe in binary options, we can decide what the future will be and the options are infinite. It is a shame that all that people have fought and died for in WWI and WWII, i.e. freedom and democracy, are now being trampled on by government and the private sector.

While there are no full proof methods today to protect us, we should at least try to use and contribute to what is available today. Just because this is the norm today does not mean it should be the norm in the future for our children. Let’s stand up and do our part.