You might not realize just how many companies are collecting data about your online activity, nor just how much data they’re actually collecting. You might also not realize that this data is increasingly linked to the personal information you provide to popular online services like Google and Facebook, and that this information is then being bundled and sold to third-party companies (primarily advertisers). But former Google engineer Brian Kennish realizes, and he cares. That’s why at the end of 2010 he quit his post at Google to found anti-tracking startup Disconnect.me.
Not long ago, Kennish was a contented Google engineer, writing code for advertising apps and the DoubleClick ad exchange. But while doing research for a talk he would give at the DEF CON hacking conference, he reached a startling epiphany about the thousands of companies that are out there tracking users’ browsing activities, and about the access that third-party apps had to Facebook users’ personal data. According to Business Insider 1,000 top-level companies and an additional 7,000 third-party companies are in on the act.
“I had been on other side, doing data tracking at Google, and at DoubleClick before that,” said Kennish, via Business Insider. “I helped write some of the original ad servers. I was knee deep. But the thing that alarmed me was that even I had no idea how many third-party places my data was going to online.”
Here’s a video of the talk Kennish gave at DEF CON 19:
So to counteract what he saw as Facebook’s overstepping privacy bounds (which must have been pretty significant for a guy who made his money writing tracking apps), Kennish sat down and wrote his first do-not-track browser extension, Facebook Disconnect, for Google Chrome. The story, as he tells it on his blog, is as follows:
Exactly one year ago, I noticed a virus infecting the web. Facebook widgets, mostly Like buttons, were popping up everywhere — alongside the articles I read, the music I listened to, the videos I watched. Worse, Facebook was (and is) serving these widgets off the same domain (facebook.com) as their login cookies.
That night, I spent two hours writing 53 lines of JSON and JavaScript (and two more hours making a Ghostbusters-inspired logo) to inoculate my browser. I called the Chrome extension, which works by stopping the flow of personal data from third-party sites to Facebook, Facebook Disconnect.
Kennish says he expected the extension to garner about 50 users, but was shocked at how much he had underestimated its desirability. “I was off by three orders of magnitude and change,” he writes. He soon expanded the extension’s reach to Safari and Firefox, and open-sourced the code. He also quit Google and in late 2010 launched Disconnect.me, with fellow Google ship jumper and engineer Austin Chau, and startup lawyer and consumer-rights advocate Casey Oppenheim.
Disconnect, which originally just blocked tracking from Facebook and related apps, has now expanded to protect users from tracking by Facebook, Google, LinkedIn, Twitter, Yahoo, and other third parties and search engines. Those fifty anticipated users of Facebook Disconnect now number over 400,000 (weekly users). One of the most encouraging aspects of the service, though, isn’t in its track-blocking front-end features. It’s not (strictly speaking) a feature at all, actually. It’s the company’s privacy policy, which is refreshingly up-front about about data retention terms (30 days), and what kind of information it collects (almost nothing). Very few companies are so keen on setting limits on the type and duration of data they retain. The policy states that none of its terms contradict these four key statements:
- We don’t collect your personal info, including your IP address, unless you give us your email address to correspond.
- We don’t sell your personal info to advertisers or other third parties.
- We share your personal info only when legally required. [My emphasis.]
- We retain your personal info, excluding info you make public, for no more than 30 days after you request deletion.
At the moment Disconnect’s still a free browser extension for Chrome, Safari, and Firefox, and Business Insider reports that an Internet Explorer extension is in the works. Disconnect may become a paid service once it hits a million users, though, so you might want to jump on board now.
Disconnect is far from the only anti-tracking resource out there, though. If you’re serious about taking back control of your online data — or if you at least want to survey your options for do-not-track freeware — you’ll also want to look into Abine’s Do Not Track Plus, the Electronic Freedom Foundation’s HTTPS Everywhere, and the TOR Project’s anonymous Browser Bundle.
Writing, not IT and coding, is my profession du jour, so take these as recommendations to look into and not necessarily prescriptions for your tracking woes. I’m more an advocate than technician, and I don’t like to reveal publicly what software I run on my own machine. But these are definitely worth looking into — I’ll say that much. Just always be careful when downloading any software. If you or someone you know has the skill set, have a good look at potential vulnerabilities, and weigh potential complications against advantages (if any) of running multiple anti-tracking extensions.
A bit much? Maybe you don’t want to start downloading freeware pell-mell, and I don’t blame you for that. There are still some things you can do to help staunch your existing data hemorrhage while you look further into what extensions you want to run on your browser. First off, you can make the leap over to alternative services with stated missions of protecting your privacy. Rather than heading over to Google for your search needs (where you’ll increasingly find personalized, filtered search results and custom advertisements), check out start-up anonymous search engines like DuckDuckGo. Oh, and if you know the URL of a site you want to visit, just go straight there. Do not pass Google. Do not let them collect 200 data points.
You can also make the switch (it’s hard, I know) to email services with a limited amount of server space. Sure, it’s hard to give up those 7 gigs and counting of free cloud storage, but Google and Yahoo are collecting data on the content of your emails, too. I won’t recommend a specific host, but look for one with limited storage and a clear and solid privacy policy.
Here’s another tip: don’t multitask your social stalking. Run sites like Facebook and G+ in their own browser, get your liking, +1-ing, poking, and posting out of the way, and then log out, clear your cookies, and restart the browser. In general, make it a habit to clear your cookies and cache regularly. And for Pete’s sake don’t stay logged into all your favorite services. It’s really not that hard to type your password each time.
Finally, here’s the key to smarter, more private Web browsing: simple prudence. Think twice about whether you really want to join that new service, download that app, post that photo, or check-in at that favorite bar of yours. Even reconsider promoting online content through social widgets like the ones at the top of this article. Though if don’t want to take my advice here, then please, by all means, click all the buttons. [Shameless self-plug detected.]
I hope you found some of this information useful. To close, here’s some sage advice from Gandalf, whose words are universally valid, be they applied to the way you carry a ring or the way you browse the Internet:
Keep it secret. Keep it safe.
[Via Business Insider, Main Image: Daily Byoogle]