Chances are you know you’re being tracked online. Most of us are at the point where we’re not surprised when an ad for something we searched for on one site appears on the next site we visit. We know that many pages (yes, this one you’re reading, too) drop cookies and other scripts into our browser to keep tabs on our activity and sell us stuff.
A new survey from a group of Princeton researchers of one million websites sheds some light on the cutting-edge tricks being used to follow your digital trail. Rather than placing a tracker on your browser, many sites are now “fingerprinting” — using information about your computer such as battery status or browser window size to identify your presence.
On this week’s What’s The Point, Arvind Narayanan, one of the authors of the Princeton study, discusses his research, the latest in online tracking and what you (and our lawmakers) can do to counter the trackers.
Read a partial transcript below. Here are a few of the tools and studies we mentioned in the show:
- Arvind Narayanan and Steven Englehardt’s full paper (PDF)
- Ghostery, an online tool that alerts you to the trackers on the website you’re visiting
- Panopticlick from the Electronic Frontier Foundation, which analyzes how well your browser is protected from tracking
How fingerprinting works
Arvind Narayanan: In the ad tech industry, cookies are gradually being shunted in favor of fingerprinting. The reason that fingerprinting is so effective is that even if you have a device that you think is identical to the device of the person sitting next to you, there are going to be a number of differences in the behavior of your browser. The set of fonts installed on your browser could be different. The precise version number of the browser could be different. Your battery status could be different from that of the person next to you, or anybody else in the world. And it turns out that if you put all of these pieces of information together, a unique or nearly unique picture of the behavior of your device emerges that’s going to be relatively stable over time. And that enables your companies to recognize you when you come back.
Jody Avirgan: But how does it enable that? My actual finger’s fingerprint doesn’t change from today to tomorrow. But my computer’s battery status can change. So how do they know it’s still you?
Narayanan: The battery status is actually the only exception to that general principle. And that’s the reason why we’re still figuring out how that works. [Editor’s note: Earlier in the interview, Narayanan had mentioned that the rate at which your battery depletes might be an identifier.] But let’s say you’ve got 41 fonts installed on your browser today. You come back in a week, maybe you have 43 fonts installed. But 41 of those are going to be the same as what they saw a week ago. And it changes slowly enough that statistically you can have a high degree of confidence. In the industry they call these things statistical IDs. It’s not as certain as putting a cookie on your browser, but you can derive a very high degree of confidence.
Tracking’s chilling effect
Narayanan: The reason that this is really important, and perhaps the primary thing that motivates me to do this research, is this world of pervasive surveillance that we’re entering into — and I’m going to use that word surveillance very deliberately, because it is surveillance. Everything that we look at online and click on is getting stored in a database somewhere. And it’s being data-mined and various [decisions] are being based on that. Targeted advertising is a relatively innocuous example, but there are a variety of other things that can and do happen.
There is research that shows that when people know they are being tracked and surveilled, they change their behavior. We lose our intellectual freedom. A variety of things we consider important for our civil liberties — say, marriage equality — are things that would have been stigmatized just a few decades ago. And the reason we got to the point where it was possible to talk about it and try to change our norms and rules is because people had the freedom to talk to each other privately. To find out that there are like-minded people. As we move to a digital world, are we losing those abilities or freedoms? That is the thing to me that is the question. That’s the most worrisome thing about online tracking. It’s not so much the advertising.
If you’re a fan of What’s The Point, subscribe on Apple Podcasts, and please leave a rating/review — that helps spread the word to other listeners. And be sure to check out our sports show Hot Takedown as well. Have something to say about this episode, or have an idea for a future show? Get in touch by email, on Twitter, or in the comments.
What’s The Point’s music was composed by Hrishikesh Hirway, host of the “Song Exploder” podcast. Download our theme music.