90.9 WBUR - Boston's NPR news station
Top Stories:
PLEDGE NOW
Online Tracking: Creepy Commerce?

Spying on American consumers is big business on the Internet. How companies slice, dice and sell your personal identity online.

The Reynolds Journalism Institute at the University of Missouri, July 20, 2010. Advertising industry leaders are teaming up with the journalism school to launch the Institute for Advertising Ethics. (AP)

It’s pervasive. It’s intrusive. And it’s perfectly legal—at least for now.

A new breed of tracking companies are spying on internet users, then slicing and dicing the information they gather into a goldmine of consumer data. Just what do they know about you? Where you live. What you buy. Whether you’re fat or thin, married or single, a homeowner or renter…you name it.

If you’re online, chances are you’re being followed everywhere without ever knowing. We look at your personal identity, for sale.

-Betsy Stark

Guests:

Julia Angwin, senior technology editor for the Wall Street Journal. She is the lead author of a new, in-depth series about tracking consumers online called “What They Know.”

Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation, a nonprofit organization dedicated to defending consumer rights online.

Mike Zaneis, vice president for public policy at the Interactive Advertising Bureau.

Please follow our community rules when engaging in comment discussion on this site.
  • Joshua Hendrickson

    Interesting … a show about a columnist whose subject is ethics, followed by a show about the least ethical of all activities: advertising, and the invasion of our personal space in order to facilitate advertising.

    If it were up to me, there would be legislation requiring all ads to be absolutely factual and absolutely free of hyperbole. And the dissemination of those ads would be severely restricted.

  • Joshua Hendrickson

    Comics creator Dave Sim’s masterpiece, CEREBUS, at one point had its eponymous “hero” run for prime minister. A promotional tee-shirt of the time (early 80s) showed Cerebus as candidate glaring out at you; the legend on the shirt was most memorable. I think it sums up the attitude of all capitalists, politicians, and advertisers quite truthfully and succinctly:

    “CEREBUS: HE DOESN’T LOVE YOU. HE JUST WANTS ALL OF YOUR MONEY.”

    Now there’s real truth in advertising. Let that legend be emblazoned on every product label, every commercial, yea, verily, on every forehead of every huckster out there: I DON’T LOVE YOU, I JUST WANT ALL OF YOUR MONEY.

  • cory

    Joshua,

    I tried selling insurance for a short time, and I think the insurance industry could give the advertisers an ethical “run for the money”!

  • cory

    I wonder what life would be like free of the yoke of corporatist tyranny?

    I grew up in the age of plenty, when mediocrity was all that was asked in exchange for the American dream. I might find emancipation from the free market big brother awkward and frightening.

    This “tracking” of our lives and recording of our information…. Do we really oppose this, or is this really exactly what we want and need?

  • http://www.richardsnotes.org Richard

    Tom: Here’s a perfect opportunity for you to weave the two hours of your show together. You really have to get Randy Cohen’s take on this topic.

  • Zeno

    The proof of corporate government is that the corporations OWN your personal information and are allowed to sell it. These corporations create your credit history, and then sell it to ANYONE.

    Speaking of what part of you corporations own and can sell… Many corporations own life forms in total, and parts of the human body. I bought a blueberry bush and it had a tag stating that reselling the plant, or deriving other plants from it by grafting or any method of reproduction was a crime punishable by fines and imprisonment.

    There is a rise of security validation sites on the internet who buy and sell all of our personal information to ANYONE for $50. There is no guarantee that or law to require that the information is correct, or completely fictional, or that the information actually belongs to the name and SSN it is attached to.

    We are ALL literally being sold out.

  • Zeno

    …and I love when corporations have our information “stolen” by some “Internet thief”, and then put the blame and responsibility of the loss upon the individuals whose identity was stolen.

    The “solution”, yet another corporation, but usually the very same corporation selling identity theft protection for the information that they themselves “lost”.

    When will we have representative government that makes it illegal for private entities to gather, store, and sell personal information without consent or remuneration.

  • pw

    Zeno, I practically teared up just reading the phrase “representative government.” It’s been so long… (and I think my experience of it was in another country).

  • Larry

    Project Vigilant and the government/corporate destruction of privacy

    http://www.salon.com/news/opinion/glenn_greenwald/2010/08/02/privacy/index.html

    Why has WikiLeaks provoked such animosity? Because they committed the gravest sin: they breached the Absolute Wall of Secrecy behind which our Government, and its private National Security and Surveillance State partners, operate. That’s why WikiLeaks is so despised, deemed such a threat: because they are undermining in very modest ways the absolute secrecy of these power factions, and many citizens have been trained to believe in the justifiability of that pervasive secrecy as well.

    But while these factions demand total secrecy for their actions, they simultaneously demand that you have none for yours. They want to know everything about what you do — and are knowing all of that — while you know nothing about what they do. The loss of privacy is entirely one-way. Government and corporate authorities have destroyed most vestiges of privacy for you, while ensuring that they have more and more for themselves. The extent to which you’re monitored grows in direct proportion to the secrecy with which they operate. Sir Francis Bacon’s now platitudinous observation that “knowledge itself is power” is as true as ever. That’s why this severe and always-growing imbalance is so dangerous, even to those who are otherwise content to have themselves subjected to constant monitoring.

  • michael

    Facebook got in trouble for this as well but not just once but multiple times, the last was a showing what you bought online to other facebook users.

  • Larry

    Project Vigilant and the government/corporate destruction of privacy

    http://www.salon.com/news/opinion/glenn_greenwald/2010/08/02/privacy/index.html

    A Surveillance State …. breeds fear of doing anything out of the ordinary by creating a class of meek citizens who know they are being constantly watched.

    A society in which people know they are constantly being monitored is one that breeds conformism and submission, and which squashes innovation, deviation, and real dissent.

  • AKILEZ

    What the use of this topic?

    I think everyone knows our personal info are always compromise and there is no way of stopping people from getting our personal informations.

    Thanks to the Internet.

  • Sam E.

    I don’t like spam and tracking anymore than anyone else but at the same time I recognize there’s a trade off. Recently I applied for a number of positions through Careerbuilder and got several emails for network marketing/direct sales positions. I didn’t like those emails but at the same time I imagine the only way Careerbuilder can make money is by selling my information. This is the price of a free internet.

  • Lisa

    What about tracking people as security risks? Are there certain activities, or combinations of activities, that cause the “people in charge” to red-flag someone, like if they look up homemade explosives or something?

  • joe

    The companies who track people online are like leeches. They make their living by lurking in the shadows, following people around and monitoring their activities without their permission. What a pathetic way to make a living.

  • Edward G

    My question is just how effective is all of this data mining? I know that before I put up cookie and ad blocking software, I never bought anything based on an un arbitrary internet ad, and I NEVER open mail from someone I don’t know.

  • ulTRAX
  • david

    There are Federal and state laws against surrepticious wiretapping without court approval. Why don’t these practices run afoul of those laws?

  • Larry

    I just deleted all my cookies and will block from now on.

  • Martha

    Two concerns: First, the Internet was developed with public (taxpayer) funds, and it should be subject to regulations that enable citizens to easily opt out of all tracking–you shouldn’t need an engineering degree to figure out how to do that. We need controls, and ad companies should not have unlimited, perpetual access to personal information.

    Second, take it to its logical conclusion. A person looks at a number of sites that can inform future employers and insurance companies that can shut them out of job opportunities and health or risk protection that you might need. It is creepy to go to a site and see ads that have pinpointed where I live, though I’ve had no previous contact with a website. If I look at a cancer site for information, that could rule me out without any opportunity for me to explain (not that I should have to explain).

  • Michael Ireland
  • Sheryl

    Talk about freaky reach. I was just on my facebook page and Facebook recommended that I “like” my doctor’s office. Yikes!

  • Dania Baudis

    International tracking – goes into translation. I was looking for a personal care taker for my Dad in Poland on a local Polish site. Since then I am receiving multiple emails from US companies specializing in care of seniors. It is creepy, especially that my Dad has since died.

  • AJ North

    Depending on what Internet browser is used and whether one has some technical inclination and is willing to add some additional steps to their journeys through cyberspace, there are ways to dramatically increase privacy.

    Take a look at this recent article by CNET on web-surfing privacy (with a somewhat colorful title) . It contains a link to a new study by Stanford University’s Computer Science Security Lab that is well worth looking at.

  • Amin

    I will not browse or shop sites that use excessive tracking means. I suggest there is an opportunity for someone to setup a business that for a fee, will offer consumers the depth with which the popular sites dis-respect personal data…

  • AJ North
  • George

    A few points that all readers and listeres shoudl know!!

    1) to unsubscribe from the cookie tracker sites, one needs to let them install a cookie on your computer – how ironic!

    2) if you set your browser to block third-party cookies, then I have found that Hotmail does not allow you to LOG-OFF Hotmail, for example So, th eidustry has created a set-up to that it is impossible to really “block” 3rd-party cookies.

    3) To enhance one’s security, you really should dedicate diferent browsers to different parts of your internet life: browser A (eg; Chrome) for any online purchases; Browser B (eg. Firefox) for personal research; Browser C (eg. Explorer) for job hunting etc…

    4) “InPrivate” browser modes are supposed to keep your session separated from the rest of your computer, however often they “leak” what you are doing to other open browser windows. Beware!

  • http://opustwocollaborative.com Michael Sattler

    First, this debate strikes me as old news. The data being described has been accessible for decades, and it’s trivial to obtain it. All the measures being described to “make the consumer aware” and “let them correct errors” are laughable. The amount of data out there is massive and constantly replicating – chasing down a specific individual’s data and removing it from this huge amorphous mass would be expensive and effectively impossible.

    Second, what’s the real harm we’re afraid of? The vast majority of uses of this data are legitimate and anonymous – deliberately malicious use is rare and against the law. Datagathering is a tool, like a hammer. Hammers can be used to hurt people, but you don’t outlaw them because of this – their legitimate use is overwhelmingly beneficial. You pursue the improper *use* of the tool.

    This idea that collecting data is “spying” is ridiculous and demagogic.

  • john

    …talk about facebook in this regard …

    i agree with the woman caller who spoke of the hostile street in todays America,
    when it comes to personal expression …

    remember technology is a creation of humans …so watch out !

  • Lee

    Interesting that the Wall Street Journal reporter, in naming web search topics that you may not want others to observe, included bipolar mental illness, obesity, and being a democrat as privacy issues. Too bad no one called her on it . . . all of us bipolar fat democrats appreciate her concern.

  • George

    A website to be aware of…

    PrivacyChoice.Org

    “PrivacyChoice gathers opt-out cookies from scores of ad delivery companies, which tell them not to use your information to target advertising. With our Firefox add-on, those cookies are automatically kept in place and up to date, even if you clear your cookies from time to time.”

    http://www.privacychoice.org/choose

  • Susan

    First I am a citizen, not a consumer. Oh how I have come to hate that word.

    The internet was built with public funds, and I am charged for my usage. It is not FREE!

    Why not a popup that says – if you access this FREE service, i.e. a dictionary, we will deposit a tracking cookie… Give me the option. Even better, my information belongs to me, if they offer me a cookie, and I accept, maybe they should send me a check.

  • Brian

    The paranoid conspiracy theory that government “thought police” are trying to interfere with your First Amendment rights on the Internet is a popular is popular with certain cable news talking heads and right-wing bloggers. Sadly, there will always be opportunists who are happy to exploit people’s fears in order to advance their political agenda.

  • Bill Flint

    They’re missing the point.

    The system is upside down

    That being, ALL of your personal information is available to marketers, without your knowledge, UNLESS you “opt out”

    Why should the consumer have to “opt out” ? Shouldn’t a marketing company, or anyone else for that matter, have to “opt in” ? i.e : ask your permission before collecting data.

    But then again, they have better lobbyists than consumers.

  • George

    Question:

    Is it possible to “game the system” by making random queries and visiting random websites to effectively dilute th eaccuracy of one’s “online” profile?

  • Kennie Lyman

    If this tracking is such a benefit to consumers, why is it done so clandestinely?

  • http://juxt.wordpress.com C. Svendsen

    To me, what’s insidious about the internet is that people are used to having information gathered about them in the course of a transaction, but they expect it to remain tethered to the limited context in which they shared it, and it’s not. After all, 100 years ago, I would still have been giving up information about myself any time I bought goods — from the bookshop, from the luxury leather shop, whatever. However, if anyone wanted to gather it — the police, a family patriarch, the censor — they had to go to that person, who had the discretion to talk or not, and I would have had a much more intuitive sense of how much I had shared. A lot more judgment would have been exercised about the sharing, too.

    Now, context is stripped away, data is transferrable, and programs make judgments about how to use data, not people. It’s destructive. An example: my parents died recently. After their death, my brother and I were besieged with automated messages from their insurance company offering them deals to sign up again, or asking them, by name, to call a representative to talk about why they had left. Now, that’s painful to hear. I would also wager that my parents are not the first people in America to die, or the first people signed onto that major health insurance company who have died — in the hospital, while being covered, while fully documented by the insurance company! But no human judgment was being used at all in how the data about my parents was being disseminated — it just got shucked from program to program and outputted on an automated voice dialing machine — and that’s destructive.

  • George

    Question: In the US government, is there a department Who’s job it is to regulate consumer privacy?

  • Dan Coffey

    Benjamin Franklin:
    People willing to trade their freedom (information) for temporary security (free stuff) deserve neither and will lose both

  • Paula Quinn

    I’m a university professor who was charged with introducing a leader in internet news. To research the man and his site for my introduction, I had to fill out an extensive online form at his website.

    Imagine my surprise–and dismay–when the speaker used, as examples in his talk, the very sites and topics I had searched most recently, including medical topics I had searched on behalf of elderly relatives that he could easily share with
    my supervisors.

    After the speech, he made personal comments to me that verified this man had accessed my personal information. I felt he was baiting me for a reaction, and I said so. He denied having any personal knowledge of me.

    I shared this experience with my students, cautioned them about the website,
    and held a lively discussion of First Amendment rights that the speaker had professed to value and respect in his speech.

    No name, No State, for obvious reasons

  • Peter

    I have found that while looking at airfares for a route we frequent, that the price goes up when I go back to the same site, but if I use a different computer I find the original lower price. Are the airlines using cookies to manipulate prices offered to customers? Have others had this experience?

  • AKILEZ

    Next step for the US Government is to pass the
    “Internet Act” to regulate,prosecute and implement laws for the American consumers.

  • George

    Mobile phone browsing:

    Also, beware – your mobile internet activity and your desktop/laptop internet activity is being linked.

  • george

    Peter – the answer is YES!

    “I have found that while looking at airfares for a route we frequent, that the price goes up when I go back to the same site, but if I use a different computer I find the original lower price. Are the airlines using cookies to manipulate prices offered to customers? Have others had this experience?

    Posted by Peter, on August 10th, 2010 at 10:53 AM”

  • Jed Guertin

    I had an opportunity to work for a large telephone holding company during the initial phases of deregulation. Verison is only slightly smaller than the old ATT, still a monopoly and unlikely to change its mindset. Google has become the new monopoly and is developing the same mindset.

    Their memo of understanding is like the treaties between the British and French in the 1700′s. They’re sitting in the native Americans home dividing up the furniture while the owners are outside in the dark.

    Now we’re the native Americans and the likes of Google and Verison are the British and French.

    When all is said and done,like the Indians, the American public will be given a territory, somewhere in the internet Artic.

  • Larry

    If google and verizon want to play hard ball let them.

    No more google or verizon for people who know what is good for them.

    We do have the choice to not use these “do no evil (not)” players.

  • Michael S

    So we’re worried that revealing your IP address is naturally going to lead to hospitals denying you care? Seriously?

    Moving through the internet while not leaving a trace is impossible. Cookies are how the vast majority of sites authenticate you – this is how your personal information is *protected*. “Opting out” of these systems would leave the internet useless.

    This fear is paranoia. Even the EFF’s best definition of the harm that datagathering causes is that web surfing can give you a “creepy feeling”. Telephones and motion pictures made people feel creepy when they were new too.

    People so paranoid about their privacy should just stop using the internet – but that’s impossible (and becoming more so), so the only choice we have is to get used to it. Our whole concept of privacy is antiquated – it evolved under a whole different set of technological circumstances. Our grandchildren will look at this whole question and shake their heads. Look at what people put on Facebook – KNOWING that the public can see it.

  • AKILEZ

    Jet Blue does that all the time George. for example: If you browse $250.00 for round trip tix then when you come return to Jet Blue site after searching for lower prices on other airlines the price of JB ticket is already changed.

  • alethea white

    Can you tell me where we can download software that will block or eliminate cookies all together? My husband was listening, but had to leave car before he could get all the info.

    Thanks

  • ThresherK

    This idea that collecting data is “spying” is ridiculous and demagogic.

    Implied consent, anybody? There is no trust to be assumed on the part of these folks. It’s like a traveling salesman coming to my home, introducing himself (and getting my first name), then thinking he has a right to dig through my cancelled checks, library books, trash, and whatever junk mail I haven’t thrown out.

    When did I agree to this?

    And I only heard some of the show (will grab podcast later) but for email I have an address and name, and I sign in with them to use that. I accept. But just Any Old Website I’m reading? There’s a difference.

    Hoping the internet advertising guy gets the difference. Not holding my breath.

    +1 for Kennie Lyman: A good idea doesn’t need to be lied about; an honest agreement can be written in few words. The more 4-pt boilerplate they throw at users, the less they want us to know about what we’re “agreeing” to “freely”.

  • http://reinventing-america.blogspot.com/ ulTRAX

    ISPs/web sites will ALWAYS have a conflict of interest because protecting privacy cuts into their advertising revenue. Industry self regulation will NEVER work. It’s designed to provide consumers more with the ILLUSION of privacy. TRUSTe was a prime example: http://www.etrust.org/ And it’s not as if every site joined TRUSTe. So even if a site honestly states in their privacy policy they track keystrokes, how many visitors actually read these policies. For instance if you ever read Yahoo’s policies, you’d never want to visit there again… and they have tracking cookies all over the net.

    The simple fact is that ALL privacy invading technologies WILL BE EXPLOITED if there’s a market for that information. While the industry makes the same arguments they did 15 years ago… that consumers prefer to see relevant ads, they gloss over the extent our privacy is invaded and whether our private information sold to third parties. And even if it’s against TODAY’S privacy policies… those policies can change as DoubleClicks did about 10 years ago. They first said they didn’t want personal identifiable info… only a profile for targeted ads. Then they said ALL information would be gathered and sold to 3ed parties if they choose.

    In the late 1990s I used WebTV and they made the SAME bland assurances that they only collected enough information to “enhance our web experience”. Founder Steve Pearlman was saying this to customers: “It not only makes ethical sense to protect peoples’ privacy, in the end it makes economic sense. Because if they feel they’re being watched or don’t feel, they’re not going to use your service,”

    But this is what WebTV was telling their advertisers: Build a relationship between your brand and WebTV users from the moment they sign onto the WebTV service. Follow them around during their Internet and TV viewing session. WebTV Networks will help you deliver your message more accurately than ever before.

    I and other hackers were able to document the extent of what private data they tracked… right down to what we printed. I created a site to exposing WebTV back in 1999: http://webtvexposed.tripod.com/ That was 1999. Does anyone feel those market pressures to track us as we surf the web have DEcreased?

  • george

    Michael -

    replying to your post below…

    The problem is this information about you is so easy to get, so spoofing or stealing your identity is so easy to do. And indeed, this is what criminals are doing NOW.

    “So we’re worried that revealing your IP address is naturally going to lead to hospitals denying you care? Seriously?

    Moving through the internet while not leaving a trace is impossible. Cookies are how the vast majority of sites authenticate you – this is how your personal information is *protected*. “Opting out” of these systems would leave the internet useless.

    This fear is paranoia. Even the EFF’s best definition of the harm that datagathering causes is that web surfing can give you a “creepy feeling”. Telephones and motion pictures made people feel creepy when they were new too.

    People so paranoid about their privacy should just stop using the internet – but that’s impossible (and becoming more so), so the only choice we have is to get used to it. Our whole concept of privacy is antiquated – it evolved under a whole different set of technological circumstances. Our grandchildren will look at this whole question and shake their heads. Look at what people put on Facebook – KNOWING that the public can see it.

    Posted by Michael S, on August 10th, 2010 at 11:02 AM”

  • Michael S

    George -

    “The problem is this information about you is so easy to get, so spoofing or stealing your identity is so easy to do. And indeed, this is what criminals are doing NOW.”
    >> Yes, I get that. It’s easy to do, and it’s happening now. Yep. And it’s already illegal. It’s called fraud, and has been a crime for centuries. So where’s the problem? Our paper mail is full of useful data, but we don’t consider the postal service guilty of privacy violations. They know your zip code, though. (Horrors!) They know your address (Evil!). Worse: THEY KNOW YOUR NAME! AND THEY PUBLISH IT WITHOUT YOUR PERMISSION! Oh wait, you can opt-out. Interesting that they don’t take your address out of the postal database though…

  • ThresherK

    Look at what people put on Facebook – KNOWING that the public can see it.

    The Public? How about all those other people who are saying “I thought I signed up for one level of privacy and Facebook changed it while I wasn’t looking”?

    That one person got their ID stolen or (in meatworld) was pickpocketed doesn’t mean I throw up my hands and say “It’s open season on me”.

  • Michael S

    For ThresherK -
    “When did I agree to this?”
    >> You agreed to it when you decided to use the service that the company provided. Every website has a usage agreement, and virtually all of them document their privacy policy. Your assent is implied when you use their service – not just when you hit I Agree during a signup process.

    Now most people don’t read it, I get that. But that doesn’t mean they’re exempt from the rules. You walk into Starbucks and order a coffee, you agree to abide by their rules. Don’t like the rules? Don’t buy the coffee.

    By the way – don’t think for a moment that datagathering is limited to the Internet. Starbucks knows a LOT about you when you swipe your debit card through their reader.

    I know people are just waking up to this, but the answer isn’t outrage or demagoguery or mindless corporate vilification or government regulation – it’s how we adapt *ourselves* to the reality of this technology, given the monumental benefits it brought with it.

    Or we can opt out. But we know how that worked out for the Unabomber. :-)

  • Michael S

    For ThresherK -
    “I thought I signed up for one level of privacy and Facebook changed it while I wasn’t looking?”
    >> Easy. Stop using Facebook. It’s not a public service – it’s a private one. You have the freedom to not use it. And if you put something truly consequential on Facebook under their *old* policy, what were you thinking? :-)

    “That one person got their ID stolen or (in meatworld) was pickpocketed doesn’t mean I throw up my hands and say “It’s open season on me”.”
    >> Nope. But you don’t outlaw wallets. Or IDs. You outlaw the act of stealing them.

  • AJ North

    To Althea White:

    Among the several useful (and reputable) free help sites on line is one called “Ask Leo” – http://ask-leo.com/ at which are archived a plethora of various Q & A’s, and at which you can also ask your own specific question.

    The browser you use will have various settings that can be changed from their defaults (“factory settings”). If you enter the phrase “how to change [browser] cookie settings,” substituting the name of your browser for the word “browser” in brackets, several results will be found – but there is no immediate way for you to discern whether a particular site with which you are not familiar is safe.

    Enter a free browser “add-on” called “Web Of Trust;” there is a useful review (and user comments) at download.com (a reputable & safe site) – http://download.cnet.com/Web-of-Trust-for-Internet-Explorer/3000-12512_4-10777505.html

    WOT currently works with Internet Explorer, Firefox, Google Chrome and Safari, and provides instant feedback on a very large percentage of sites around the world; their color code immediately tells you whether it is wise to visit (or continue at) a site – or avoid it altogether (or leave immediately).

    Finally, assuming that you’re running Windows there are a number of free utilities that, among other things, clean out (delete) browser cookies (while allowing you to select those you wish to keep). Among several is one I’ve used for many years called “CCleaner” (see http://download.cnet.com/ccleaner/?tag=mncol for a description & review).

    Hope this is helpful.

    Regards,

    AJ North

  • AdGuy

    As a professional in this space I can tell you that you have only just scratched the surface.

    The problem is that these companies steal from you. They dont ask, they dont tell, they take and they sell. They do not provide any value to the user but instead they exist solely for their own benefit. And when companies/entities exist for their own benefit, evil follows.

  • AJ North

    Ms. White, please excuse my typo in writing your first name… :-)

  • George

    Michael -

    “They know your zip code, though. (Horrors!) They know your address (Evil!). Worse: THEY KNOW YOUR NAME! AND THEY PUBLISH IT WITHOUT YOUR PERMISSION! Oh wait, you can opt-out. Interesting that they don’t take your address out of the postal database though…”

    The problem is:

    1) that we lack a way to verify the authenticity of “online identities”.

    2) while in the past information may have been available, you cou;n’t put it together so easily and create such an accurate profile before.

    Connect these two ideas, and it’s much much simpler for criminals thousands of miles away to effectively and invisibly tap into and steal portions of your life while you are 100% unaware of it.

    Yes this was possible before. But now it is so much easier to do, and at a much much much larger scale.

  • Clinging to his gun and religion

    There’s a reason that Eric Blair’s pen name has become an adjective – Orwellian. It’s because we have industry shills like Mike Zaneis, of the Interactive Advertising Bureau telling us soothingly that they’re only trying to target us for a few advertisements to make our online shopping more rewarding and interactive. These are the same people who sell perpetual war and create needs when there are none to enslave us. Government is entirely controlled by this elite – or would be if we fail in our civic duty to hold our elected officials responsible for protecting our rights. BTW, Google just planted another cookie in my computer while I was writing this.

  • George

    IRONY!! Take a look at all the organizations that are tracking who is visiting http://www.privacychoice.org/site

  • Michael S

    For AdGuy -
    “When companies/entities exist for their own benefit, evil follows.”
    >> Well, technically companies exist for the benefit of their stockholders, who freely chose to buy their stock. And the products and services they produce exist for the benefit of their customers, who can freely choose to buy them or not. But we get your point: all companies are evil, just because they’re companies. Governments and non-profit organizations never exist for their own benefit and are never evil. I remember when I got my International League of Evil membership card when I moved from union member to management. Good times. :-)

  • Phil

    Ask the guests about ISP’s – Internet Service providers………an aol or earthlink or comcast type of company will have every site you ever visited on record. This is probably more valuable and dangerous than simple cookies.

  • John deegan

    I recently came upon this pernicious practice. I use an anonymizer and Tor which interferes with this type of tracking. I recently tried to open an account with a brokerage (Vanguard) and a representative called and said people who use these devices are suspected of committing on-line fraud. After much back and forth I was accommodated by a more sensitive representative. Even more recently, my Paypal account has been suspended several times. It turns out that, again, my use of anonymizers has caused problems. These verification contacts appear to be fishing expeditions and are worrisome. This need to identify myself beyond log ID and password is excessive. Worse, it affects my creditworthiness.

  • AdGuy

    Oh Michael,

    Are things really that black and white?

    The point is that when a companies sole purpose goes against the ethics of the community they service, it becomes more important to make money for themselves then provide a service of value. Look at banks for an shining example of this. It become more important to survive and thrive then exist for any purpose other than profit.

    Evil is not always about blood…

  • ThresherK

    Michael S,

    So you want all those end-user agreements to be written in plain, easy-to-understand language too? And the end user to be notified and have to accept before there are changes in agreements?

    Facebook is meaningless to me. Until the point that they’re screwing over God-knows how many others means that they’ve defined the new bottom for business conduct. And then everyone else wants to sink to that bottom.

    And then it is a problem for me. And all of us.

  • Bob

    Very few people seem to bring up reasonable solutions. Government regulation of advertisers or information gathering groups is never going to work — it’s only going to ensure that all such information gathering gets done by trackers based on foreign soil.

    Yet there’s a simple regulatory solution that’s easily available — regulate web browsers and major browsing software (Java, Flash, etc.).

    There’s absolutely no good reason why 3rd-party cookies need to exist. None. It shouldn’t be something you have to disable in your browser. It just shouldn’t be possible in your browser. There’s little reason that 1st-party cookies should exist beyond your immediate browsing session. Sure, they allow you to go back to Amazon or whatever and not have to log in again, but with your password stored in your browser, this isn’t much of a pain. All cookies should die with your browser session, and 3rd-party cookies shouldn’t be allowed to exist in software.

    As for browser plugins — why are Flash cookies allowed to exist? They don’t need to. It should be illegal for browser software to track you in such a way without EXPLICIT user permission for every site that wants to track you.

    Similarly, for Javascript — why when I visit any website with some advertising on it do I need to have scripts running from a dozen 3rd-party sites? I use script manager plugins to disallow most of these, but why should they exist? Why should all 3rd-party requests by one website to another get processed by default?

    The fact is that most of these features are used for legitimate purposes by web designers. But they aren’t really necessary — they just make certain kinds of web design easier. However, 99.9% of their use today is for collecting information and spying on you. These “features” may have had noble design goals when they were introduced 10 or 15 years ago, but they simply aren’t necessary for most sites.

    Simply put, browsers and browser plug-in software should not allow you to be tracked, by default. 3rd-party requests to create cookies, run scripts, etc. shouldn’t be allowed.

    Right now, it’s rather difficult to surf the web freely without allowing invasive tracking. You often can’t read a lot of sites, comment on them, or do any significant business without allowing a lot of unnecessary scripts and 3rd-party tracking. The internet exists like this because browsers are set by default to allow this situation. They should not be.

    If a company sold a child’s toy — say a teddy bear — that had a hidden built-in camera system that sent a live webfeed to all child molesters, it would be taken off the market immediately. The purpose of a teddy bear is not to let people surreptitiously track you.

    Why is it any different with web browsers? Their purpose is to display HTML code on websites. Why do we all them to do much more than that?

  • Jean

    When I buy a computer, that is MY property. It is the height of audacity for other people to plant cookies on MY computer and use MY harddrive without my permission. If they want to track stuff using their fown systems, fine. There are plenty of ways to do that. But they have no right to use MY property without MY permission.

  • Bob

    By the way — some have asked how to avoid tracking. It’s difficult, but here are the stages, depending on how safe you want to be.

    (1) Use a browser that allows privacy plugins, like Firefox or Opera.

    (2) Get plugins that control scripts (NoScript), 3rd-party requests (RequestPolicy), cookies (CookieSafe or CS Lite), Flash cookies (BetterPrivacy), and an opt-out cookie manager (Beef TACO — not TACO, which is no longer good). I gave some names of possible ones in parentheses for Firefox; they aren’t the only ones out there. The last one will broadcast opt-out cookies to many common sites that provide them with no information, but still allow you to use the sites (even if they “require” cookies to run). You might also like to have a plugin that tells you when a link is unsafe (Web of Trust, or WOT).

    Be prepared for the internet to look weird, and for some sites to deny you access. You’ll have to decide which sites you visit enough to fix, in which case you’ll have to allow some cookies and/or allow some scripts or requests. Don’t allow them all by default even for sites you visit, which will defeat the purpose. You need to figure out how many to allow to get the minimum functionality you’re happy with. Banks and reputable business websites are usually okay; random websites, blogs, etc. often want you to enable a dozen 3rd-party cookies, a dozen 3rd-party scripts, etc. Don’t give in.

    Most people will be astounded when they first try this to discover that websites they love are allowing dozens of other sites to gather information on them. If you don’t like it, stop using such sites. For that matter, if possible stay away from the truly dangerous tracking sites (things like Facebook come to mind), or if you have to visit them, be sure to disable their scripts after you’re done visiting them, or else they’ll track you all over the internet.

    (3) If you want to go to the next level, use Tor. It’s free software designed to mask your IP address. Even if you don’t allow cookies or scripts, companies can still see your IP address and if you’re on a network where you or your family is the only one using that address, companies can associate your internet activity with that IP address. Tor helps to make you more anonymous, but it’s pretty useless if you don’t already use the anti-tracking software I mentioned in (2).

    The downside is that Tor makes things run a little slower, and you shouldn’t use it for large file downloads/uploads. You also risk problems with some companies (as a previous post noted) who will treat you as if you’re a terrorist for trying to be anonymous. Usually being polite will allow you to get through to these businesses, if they are major legitimate ones.

    (4) The final level — suppose you accidentally or unintentionally allow a company to track you anyway by allowing the wrong cookie, the wrong script, etc. How can you be sure this won’t follow you in your browser forever?

    Well, you can use your browser’s option to clear your history, and all cookies and personal data. That only goes so far though, and it won’t help you if your computer has been compromised by downloading some spyware or if someone has hacked in.

    So, the final stage is to do all your browsing on a “clean” machine — one where every time you use your browser, you are guaranteed that there’s no residual information. There are two easy ways to do this: use a virtual machine that doesn’t save any changes, or use a USB or live-CD operating system that doesn’t save changes (many Linux distributions are good for this). Every time you boot up to these operating systems, you’ll have a completely clean machine, and any personal data that accumulates will be destroyed when you shut it down. This is annoying because it takes extra time to boot up and shut down, and you’ll have to enter in any passwords and such every time. For banks that require additional verification of new machines, you’ll have to do that every time, which might raise suspicions until you let your bank know what you’re doing and why.

    If these steps sound extreme, they are. But tracking is so utterly pervasive on the internet nowadays that such steps are the only way to prevent it.

  • ulTRAX

    A useful free tool called CCleaner can rid the PC of junk files but it also has a cookie manager. One can protect the traditional cookies they want to keep while cleaning out the rest. For instance I protect my site login cookies and routinely delete all the others, including the tracking cookies.
    http://www.piriform.com/ccleaner Flash cookies have to be dealt with in the Adobe Flash Player options.

    Another useful method to protect privacy is to block ad/tracking sites at the hostlist. http://www.mvps.org/winhelp2002/ This stops the PC from having any contact with these sites… though I wonder if it would work if sites were not using DNS. The problem with this approach is you may want to go to one of these sites and forget that it’s blocked. It will drive you nuts. It would have to be manually edited. Which is why another IP blocker like PeerGuardian 2 may be a better option since it can easily be switched on and off. http://phoenixlabs.org/pg2/

    The free Avant browser, which sits atop IE, has easy options to shut off javascript, flash, ActiveX, and Java. Cookies don’t work without javascript and killing flash not only gets rid of those annoying ads, but may deal with the problem flash cookies. http://forum.avantbrowser.com/

  • ulTRAX

    John Deegan wrote: use an anonymizer and Tor which interferes with this type of tracking. I recently tried to open an account with a brokerage (Vanguard) and a representative called and said people who use these devices are suspected of committing on-line fraud.

    Assuming you live in the US, if someone tried to access your account from some IP in Belgium, wouldn’t you WANT your bank to verify it was you? Next time you’re using TOR go to http://whatisyourip.org/ and see what nation you’re surfing in from.

  • ulTRAX

    Jean wrote: When I buy a computer, that is MY property. It is the height of audacity for other people to plant cookies on MY computer and use MY harddrive without my permission.

    Read the Terms Of Service agreement at the sites you go to. Chances are your very used of the site implies consent to the TOS… which means you’re giving your consent without knowing it. Cookies from third parties are probably described as “partners”.

  • ulTRAX

    George wrote: A website to be aware of…
    PrivacyChoice.Org

    I don’t trust ANY of these voluntary industry ploys that provide the ILLUSION of privacy. Who really knows what goes on with this service? Are your habits being tracked just not used for ads? How many companies does it really cover? Can they change their mind later like DoubleClick did and declare all your information is now theirs to do with as they like? Are you now being profiled as a web paranoid?

    It’s MUCH better to use a cookie manager like in CCleaner than to hope these people are on the up and up. CCleaner is free and it protects the cookies you want and deletes the rest. http://www.piriform.com/ccleaner

  • ulTRAX

    George wrote: Is it possible to “game the system” by making random queries and visiting random websites to effectively dilute th eaccuracy of one’s “online” profile?

    But for that to work, you’d have to allow yourself to be tracked and be prepared to waste a lot of time going to sites you’re not interested in!

    However, when you delete your cookies… regular and flash, you may appear to be a totally different person and tracking starts from scratch. Of course if the cookie is deleted, they may still try to identify you through your IP, browser/system fingerprint, or MAC number.

  • David

    Assuming that most folks do not block cookies.

    If companies are using web site visitation in ways that may be prejudicial then there seems to me to be a niche for software to be developed that would create a vast and pseudo-random website search history that would basically overwhelm the “listeners”. Imagine that I legitimately was searching for information about liver disease. My insurance company might be interested in that. But what if my webvisit bot automatically generated websearches in great detail on 7000000 different diseases. The insurance company would be begin to question what where real searches for real concerns and what were shadows. Game over.

  • http://N/A Mathew

    I am on the other side of the fence. I am for the collection of my information. Feel free to use it, and go one step further; give it to developers and manufacturers and use that information to build a better product. Once you’ve created that product, give me an ad on it, and in all likelihood, I will buy it.

    For the folks that are wearing their “tinfoil hats” always be aware that “big brother” is watching. Only say and do online what you’re comfortable with sharing with the world.

  • Max

    How can we keep talking about government regulation? The USA doesn’t own, or control the internet. In the 90′s, most piracy websites were hosted within the US, until massive crackdowns by the FBI. So, they all moved overseas, such as Sweden, where piracy was actually *legal*. In fact, the PirateBay had received many takedown notices from law firms that didn’t seem to realize that the US has no jurisdiction in Sweden.

    If the US starts regulating, companies will simply move overseas.

  • http://betterwearahat.com Ed Flynn

    Its a small jump to go from online tracking to governmental tracking and big brother watching.

    Furthermore the tradeoff for the fictional “free content” is a ruse. And what will make that a further fallacy will be when google, Verizon and all the other gatekeepers implement a two tiered system, which be a way for ISP and telcoms to create yet another way to pry even more money from customers.

    When we compare what’s going on in our country with the creation of this vast corporate Big Brother to how other country protect consumers right, we can see that US citizens are a more “prey” than consumer.

    This is further exemplified by the lack of investment by the Telcoms and the Goverment into creating a true high broadband, equal access system much like countries like Japan and elsewhere.

  • http://google ann

    Note he didn’t answer the question about online financial info that might be picked up and used. How? Who knows.

  • k

    To the caller from MA who characterized having a sense of personal privacy an antiquated notion: no one I know — no one — is happy with the level of information that is shared via the Internet without our explicit knowledge. SHaring is not the default by consumer choice. And advertising execs don’t get to decide if having a sense of privacy is antiquated. There are both explicit laws about privacy and implied rights to privacy. The point is that you, Mr Ad Exec, are not the person who should have the power to decide what to share, and people do not, in the overwhelmingly majority of cases, have a reasonable, manageable, transparent way to opt out of cookies, etc. Privacy is not an antiquated notion any more than the Bill of RIghts is an antiquated law.

  • be

    It is funny that onpointradio.org site itself install 4-5 cookies, including one from doubleclick.net.

    Even worse is wbur.com, there this program is broadcast. They install about a dozen cookies themselves. They also install 3rd party cookies including ones from youtube.com, facebook.com, doubleclick.net.

    Given this, there is some disingenuousness to this whole show.

  • ulTRAX

    Be wrote: “Even worse is wbur.com, there this program is broadcast. They install about a dozen cookies themselves. They also install 3rd party cookies including ones from youtube.com, facebook.com, doubleclick.net.”

    Whenever a 3ed party site serves something to a host site… be it an ad, a web bug/beacon, a video, whatever… they are capable of also serving us cookies.

    Just what the intended purpose of those cookies is, is largely in control of those 3ed parties.

    Given that DoubleClick has had such a scummy reputation ever since they decided to sell personally identifiable information some 10 years ago… I can’t understand why someone like yourself who at least knows where to look for cookies, still doesn’t have them blocked either through an IP filter or the hostlist. OK… maybe you were just doing an experiment.

  • ulTRAX

    REMEMBER THE PENTIUM 3!!!!!!

    We web surfers MUST remember Intel’s attempt to include a unique ID number in the Pentium 3 chip. This was over TEN years ago. All attempts to anonymize ourselves would be useless if there was a unique ID that identified our PC. That’s what Intel planned… until forced by public pressure to get rid of this feature.

    But the market pressure to find a way to identify YOUR PC… thus YOUR home, and to connect YOU to all your interests/investments/health concerns… whatever helps corporations profile you… has NOT gone away. It WILL come back in some form… and We the People better be prepared to fight it again!

    FROM http://en.wikipedia.org/wiki/Pentium_III

    The Pentium III was the first x86 CPU to include a unique, retrievable, identification number, called PSN (Processor Serial Number). A Pentium III’s PSN can be read by software through the CPUID instruction if this feature has not been disabled through the BIOS.

    On November 29, 1999, the Science and Technology Options Assessment (STOA) Panel of the European Parliament, following their report on electronic surveillance techniques asked parliamentary committee members to consider legal measures that would “prevent these chips from being installed in the computers of European citizens.”[12]

    Eventually Intel decided to remove the PSN feature on Tualatin-based Pentium IIIs, and the feature was not carried through to the Pentium 4 or Pentium M.

  • ulTRAX

    Mathew wrote: I am on the other side of the fence. I am for the collection of my information. Feel free to use it, and go one step further; give it to developers and manufacturers and use that information to build a better product. Once you’ve created that product, give me an ad on it, and in all likelihood, I will buy it.

    Matt, you are truly naive. Do you REALLY believe all this data collection is simply to “build a better product”? It’s designed to separate you and your family from your cash on EXISTING products… decent or not… worthwhile or not.

    And do you SERIOUSLY believe that if a health insurance company can get access to, say, your grocery, liquor, whatever purchases… they WON’T use that information… even unfairly… to categorize you or members of your family as a health risks?

    If you do… you’re a fool. Real world market pressures will ALWAYS trump such blind ideological faith that market forces are always beneficial.

  • Jim

    I realize that everybody wants info about you. This is the reason for cookies and certificates.
    My question is how much info is given to you in the form of subliminal messages on the computer? Is it regulated or illegal, like it is on television? Are messages put in movies on web sites? Can a cookie or certificate flash a message continuously on your screen?
    I studied this in collage in the 60s. The computer is a new frontier for the type of advertising.

  • Listener in Brooklyn

    Listened to this show. By the end of it, On Point had left several cookies on my computer. Why?

  • james noble

    The internet has become not just a tool but a whole toolbox. These tracking devises are a very powerful sub-tool. much like a knife it can be used as a kitchen utensil or a weapon or both. Given the current situation with the economy and how it came about which do you believe the corporate empire will use it for? Spying has been going on since Cain and Able. The crime here is not that Cain saw Able but that he used this advantage for personal gain. Eventually the whole tribe was clipped over the loss of Able and that is why Cain was banished from the society. Theft isn’t the problem here. The problem is control over society. Used properly this tool can and does slow and isolate hellions [terrorists]. Used improperly it can and does slow and identify whole segments of society for placement. Yes social control is happening now. I believe that most people don’t trust any corporation to police itself [remember Enron]. What choice do we have? None. The corporate empire has completely covertly assimilated our government.

  • http://www.richardsnotes.org Richard

    “Listened to this show. By the end of it, On Point had left several cookies on my computer. Why?”

    Because you commented here in this thread. The cookie(s) ID you as a return poster next time you come here.

  • http://www.richardsnotes.org Richard

    Betsy Stark did an excellent job here. Great show.

  • Mark Tucker

    When I listened to the show yesterday, you said there was a link to the Wall Street Journal article. Can’t find it – where is it? Can you repost the link?
    Mark

  • http://www.richardsnotes.org Richard
  • ulTRAX

    Richard wrote: The cookie(s) ID you as a return poster next time you come here.

    When it comes to OnPointRadio.org cookies (not 3ed party) that might be true if there was a login or site preferences which could be remembered. They were essential for shopping carts. But there is no real login here. We don’t register user names or have to login to this site to post. I suspect more than one poster can use the name “Richard” which is impossible at traditional forums where all members have unique user names.

    Sites seem to give out cookies by default because HTML is “stateless”. Looking for a quick definition this one is as good as any:

    HTTP is called a stateless protocol because each command is executed independently, without any knowledge of the commands that came before it. This is the main reason that it is difficult to implement Web sites that react intelligently to user input. This shortcoming of HTTP is being addressed in a number of new technologies, including ActiveX, Java, JavaScript and cookies.

    FROM: http://wiki.answers.com/Q/What_is_HTML_stateless_protocol

  • http://www.richardsnotes.org Richard

    I’m no expert but I do know that when commenting is turned on, wordpress (used here) sets cookies to help site admins deal with comments. For instance, some sites (mine for instance) puts all new commenter’s comments in moderation to help weed out spam. Once a commenter is let through the filter he/she can comment freely although abuse can be monitored and a commenter can be spammed or blocked.

    How many cookies are used for this I’m not sure and as one who not only runs but comments on dozens of blogs, I’m sensitive to all of this.

    Like others here, I dump all of my cookies monthly and simply redo the connections from scratch. It’s not hard and while it’s not the ultimate solution it helps.

  • ulTRAX

    Richard wrote: Like others here, I dump all of my cookies monthly and simply redo the connections from scratch. It’s not hard and while it’s not the ultimate solution it helps.

    Once a month? Most browsers now have a privacy setting that deletes all your surfing history and cookies when you log out. Of if they don’t work as advertised you can always run a sandboxed browser with a program like sandboxie.com It allows a browser to operate in a virtual environment and even if you get infected by malware, it won’t affect your PC. You can just shut down the sandbox and start a new one.

    But if you have cookies you want to keep, you might benefit from a cookie manager like CCleaner. It lets you keep the cookies you want while it deletes the rest… and it’s free. http://www.piriform.com/ccleaner (they also have a great deleted file recovery program called Recuva which is also free)

  • ben

    i hate when tom is away.

  • Listener in Brooklyn

    Well, I currently have settings to deny all cookies … testing if this still will post. If so, why can’t all posts be made without them?

  • http://flexperiential.com David Salahi

    Great show, thanks!

  • http://DogEatDogma.blogspot.com Tim Giangiobbe

    Really Now all They care About is how much money they can make being no diffERent than an online Peeping Tom.These Corporations Tak

ONPOINT
TODAY
Aug 20, 2014
A man holds his hands up in the street after a standoff with police Monday, Aug. 18, 2014, during a protest for Michael Brown, who was killed by a police officer Aug. 9 in Ferguson, Mo. (AP)

A deep read on Ferguson, Missouri and what we’re seeing about race, class, hope and fear in America.

Aug 20, 2014
In this Oct. 21, 2013 file photo, a monarch butterfly lands on a confetti lantana plant in San Antonio. A half-century ago Monarch butterflies, tired, hungry and bursting to lay eggs, found plenty of nourishment flying across Texas. Native white-flowering balls of antelope milkweed covered grasslands, growing alongside nectar-filled wildflowers. But now, these orange-and-black winged butterflies find mostly buildings, manicured lawns and toxic, pesticide-filled plants. (AP)

This year’s monarch butterfly migration is the smallest ever recorded. We’ll ask why. It’s a big story. Plus: how climate change is creating new hybridized species.

RECENT
SHOWS
Aug 19, 2014
Lara Russo, left, Cally Guasti, center, and Reese Werkhoven sit on a couch in their apartment in New Paltz, N.Y. on Thursday, May 15, 2014.  While their roommate story of $40,800 found in a couch made the news, other, weirder stories of unusual roommates are far more common. (AP)

From college dorms and summer camps to RVs and retirement hotels, what it’s like to share a room. True stories of roommates.

 
Aug 19, 2014
Police wait to advance after tear gas was used to disperse a crowd Sunday, Aug. 17, 2014, during a protest for Michael Brown, who was killed by a police officer last Saturday in Ferguson, Mo. (AP)

“War zones” in America. Local police departments with military grade equipment – how much is too much, and what it would take to de-militarize America’s police force.

On Point Blog
On Point Blog
Your (Weird? Wonderful? Wacky?) Roommate Stories
Tuesday, Aug 19, 2014

We asked, and you delivered: some of the best roommate stories from across our many listener input channels.

More »
1 Comment
 
Our Week In The Web (August 15, 2014)
Friday, Aug 15, 2014

On Pinterest, Thomas the Tank Engine and surprising population trends from around the country. Also, words on why we respond to your words, tweets and Facebook posts.

More »
Comment
 
Nickel Creek Plays Three Songs LIVE For On Point
Wednesday, Aug 13, 2014

Nickel Creek shares three live (well, mostly) tracks from their interview with On Point Radio.

More »
Comment