Archive for February, 2009

First post

February 26, 2009


This blog is a companion to the service with the working title,  

These passages are from a passionate article about the state of privacy protection for online consumers.  It included a nice summary of some of the technical underpinnings of the privacy debate.  As the project proceeds, I can figure out what I agree with in here.

Today, there are many more methods through which users can be tracked, profiled, and monitored in the online world.  Cookie technology has matured—cookies are widespread and new uses have been developed. Entirely new technologies have emerged as well, some of which are all but unknown to consumers.  Few of these methods are regulated, either internally by industry or externally by government. Without privacy legislation to protect Internet users from improper use of the information collected on the web, companies are unlikely to voluntarily cease privacy-invasive practices.


Surfer Beware I discussed an Internet tracking technology over which there was “a great deal of controversy”—cookies.  It found that about a quarter of the most frequently visited web sites used cookies. Today, many websites use cookies for one reason or another. In addition, there are several new wrinkles in the use of this tracking technology.

Third Party Cookies

Today, websites that a user explicitly visits are not the only entities which place cookies in your web browser—many web sites contain advertising served by outside commercial providers, and these providers may also send a cookie to your browser.  These are known as “third party cookies.”  Some web browsers, such as Firefox allow users to block third party cookies.

Many web pages today have arrangements with third party ad servers that serve advertisements to their pages.  For example, the MSN Privacy Statement lists two dozen third party ad networks that may place cookies in a user’s browser.

Privacy policies (such as MSN’s) tend to frame these third party cookies as a benefit to the user, allowing advertisers to “deliver targeted advertisements that they believe will be of most interest to you.”

Persistent Cookies

A persistent cookie is one that remains on a user’s computer after she has quit the browser.  These cookies can be used to set and remember a user’s web site preferences, settings, and passwords from one browser session to the next, but can also be used for tracking and monitoring purposes.  A troubling recent trend is to design these cookies to remain not just for many browser sessions, but for many years.  Google’s search cookie, for example, will not expire until January 17, 2038.  This kind of long range tracking of users raises significant privacy risks.

Web Bugs

A web bug is a graphic on a web page that allows tracking and monitoring of visitors to that page. Web bugs are usually invisible, “clear” images only 1-by-1 pixel in size. They are capable of transmitting, back to the bug’s originating server your Internet Protocol (“IP”) address, the page you visited, the time you visited, browser information, and information from existing cookies in the browser.

Web bugs are sometimes used for the innocuous purpose of counting how many times a particular page is viewed and gathering statistics about browser usage and web site usage. There are, however, much more invasive uses, such as compiling a detailed web-browsing profile of a particular user.  Web bugs are designed specifically to be secret and invisible.  Many Internet users today are aware of cookies, and may perceive them from the appearance of visible advertisements.  There are also tools to manage cookies. Web bugs, however, can transmit information and set cookies even when there is no telltale banner advertisement on the website tipping off a user that information might be collected about them. Furthermore, just one “allowed” cookie from an ad network opens the door for all web bugs within that network to collect browsing information about that user.  With companies such as DoubleClick, providing advertising to countless web sites, this risk is significant. For instance, if a user with a DoubleClick cookie in their browser loads a web page with a DoubleClick web bug on it, that bug can grab the identifying information in the cookie and transmit it back to the server along with the other information collected by the bug.

via Privacy Self-Regulation: A Decade of Disappointment.



Yahoo To Anonymize Logs After 90 Days, Compared to Google’s 9 Months | Electronic Frontier Foundation

February 12, 2009


Today, Yahoo upped the ante when it comes to protecting search engine users’ privacy, announcing a new data retention policy providing for anonymization of search queries — as well as page views, page clicks, ad views and ad clicks — after 90 days. This announcement comes on the heels of Google’s announcement in September that it would be anonymizing its logs after 9 months.



via Yahoo To Anonymize Logs After 90 Days, Compared to Google’s 9 Months | Electronic Frontier Foundation.

This is old news, but posted as a reminder of the multidimensionality of privacy policies.  How to account for this?