Teh One Who Knocks
10-12-2011, 11:06 AM
By Chloe Albanesius - PC Magazine
http://i.imgur.com/NrL4G.jpg
It's getting harder and harder to remain anonymous on the Web. According to a new study, many Web sites are sending personal information about their users to third parties, even if you do something as simple as sign up for a newsletter or change your settings.
"Your web browsing, past, present, and future, is now associated with your identity," Stanford University graduate student Jonathan Mayer wrote in his report. "Swap photos with friends on Photobucket and clue a couple dozen more into your username. Keep tabs on your favorite teams with Bleacher Report and you pass your full name to a dozen again. This isn't a 1984-esque scaremongering hypothetical. This is what's happening today."
Researchers created an account and interacted with 185 Web sites that offered a sign up, did not require a purchase, and had limited features so as to be practical for the study. They were able to identify a username or user ID leaked to a third party on 113 of those Web sites. The top five sites that received the data were: comScore, Google Analytics, Quantcast, Google's DoubleClick, and Facebook.
In a statement, a Google spokesperson said "we've never attempted or wanted to parse out personal information in any URL schema provided by a third party site." Facebook did not immediately respond to a request for comment.
"Some Web sites leaked the username or user ID to dozens of third parties. For example, popular photo sharing website Photobucket embeds username in many of its URLs, and includes advertising on most of its pages; we observed the username get sent to 31 third [parties]," the report found.
A Photobucket spokeswoman said the site would have a statement shortly.
It's not just usernames that are being revealed. The act of signing up for newsletter on the Web site of major media outlets, for example, automatically sends your email address to several third parties.
"Entering the wrong password on the Wall Street Journal website sent the user's email address to 7 companies," the report said. "Changing user settings on the video sharing site Metacafe sent first name, last name, birthday, email address, physical address, and phone numbers to 2 companies."
The fact that this is happening isn't exactly crystal clear. "Many first-party websites make what would appear to be incorrect, or at minimum misleading, representations about not sharing" personal information, the report said.
In an event at the National Press Club today, where Mayer unveiled his report, Federal Trade Commission chairman Jon Leibowitz likened the practice to "a host of invisible cyberazzi."
"One day you might print out a CDC fact sheet on alcoholism to help your son with a project for health class. Click. Or you order a box of your mother's favorite candy to take her when you go visit. Click. Or you buy the book 'The Winner's Guide to Casino Gambling' as a raffle prize for your church's Las Vegas night. Click," Leibowitz said. "You know you are a dutiful parent, but a potential employer could see a boozy job applicant. You know you are a thoughtful daughter, but a health insurer could see a destined diabetic. You know you are a generous member of the community, but a loan officer could see a risky gambler."
Leibowitz acknowledged that much of the data transferred to third parties is used for targeted advertising, which he said can be "beneficial, or at worst innocuous." But "it could be traded throughout an invisible lattice of companies, snowballing into an exhaustive profile of you available to those making critical decisions about your career, finances, health, and reputation."
In December 2010, the FTC unveiled an online privacy proposal that includes a "do not track" suggestion for browsers that would prevent them from collecting a Web user's online history. Leibowitz said today that the agency will have a final report in the coming months.
"The bottom line is this: cyberspace need not be a privacy-free zone," Leibowitz concluded.
http://i.imgur.com/NrL4G.jpg
It's getting harder and harder to remain anonymous on the Web. According to a new study, many Web sites are sending personal information about their users to third parties, even if you do something as simple as sign up for a newsletter or change your settings.
"Your web browsing, past, present, and future, is now associated with your identity," Stanford University graduate student Jonathan Mayer wrote in his report. "Swap photos with friends on Photobucket and clue a couple dozen more into your username. Keep tabs on your favorite teams with Bleacher Report and you pass your full name to a dozen again. This isn't a 1984-esque scaremongering hypothetical. This is what's happening today."
Researchers created an account and interacted with 185 Web sites that offered a sign up, did not require a purchase, and had limited features so as to be practical for the study. They were able to identify a username or user ID leaked to a third party on 113 of those Web sites. The top five sites that received the data were: comScore, Google Analytics, Quantcast, Google's DoubleClick, and Facebook.
In a statement, a Google spokesperson said "we've never attempted or wanted to parse out personal information in any URL schema provided by a third party site." Facebook did not immediately respond to a request for comment.
"Some Web sites leaked the username or user ID to dozens of third parties. For example, popular photo sharing website Photobucket embeds username in many of its URLs, and includes advertising on most of its pages; we observed the username get sent to 31 third [parties]," the report found.
A Photobucket spokeswoman said the site would have a statement shortly.
It's not just usernames that are being revealed. The act of signing up for newsletter on the Web site of major media outlets, for example, automatically sends your email address to several third parties.
"Entering the wrong password on the Wall Street Journal website sent the user's email address to 7 companies," the report said. "Changing user settings on the video sharing site Metacafe sent first name, last name, birthday, email address, physical address, and phone numbers to 2 companies."
The fact that this is happening isn't exactly crystal clear. "Many first-party websites make what would appear to be incorrect, or at minimum misleading, representations about not sharing" personal information, the report said.
In an event at the National Press Club today, where Mayer unveiled his report, Federal Trade Commission chairman Jon Leibowitz likened the practice to "a host of invisible cyberazzi."
"One day you might print out a CDC fact sheet on alcoholism to help your son with a project for health class. Click. Or you order a box of your mother's favorite candy to take her when you go visit. Click. Or you buy the book 'The Winner's Guide to Casino Gambling' as a raffle prize for your church's Las Vegas night. Click," Leibowitz said. "You know you are a dutiful parent, but a potential employer could see a boozy job applicant. You know you are a thoughtful daughter, but a health insurer could see a destined diabetic. You know you are a generous member of the community, but a loan officer could see a risky gambler."
Leibowitz acknowledged that much of the data transferred to third parties is used for targeted advertising, which he said can be "beneficial, or at worst innocuous." But "it could be traded throughout an invisible lattice of companies, snowballing into an exhaustive profile of you available to those making critical decisions about your career, finances, health, and reputation."
In December 2010, the FTC unveiled an online privacy proposal that includes a "do not track" suggestion for browsers that would prevent them from collecting a Web user's online history. Leibowitz said today that the agency will have a final report in the coming months.
"The bottom line is this: cyberspace need not be a privacy-free zone," Leibowitz concluded.