Web browsing
© NBC
Stop "slet dine coockies"

Det klassiske råd [slet dine coockies] ], for dem, der sætter pris på privatlivets fred til at beskytte sig selv mod internetsporing og målrettede annoncer på websider, fungerer ikke særligt godt mod den nyeste type af avanceret overvågning, som bruger alt fra din iPhones batteri status til hvilken skrifttype, du har installeret på din browser, siger Princeton forskere i en stor ny undersøgelse af 1 million websider, den største af sin slags.

Sporingsværktøjerne finder ud af, hvilken person du er, og serverer dig så målrettede annoncer, hvis du besøger disse sider. Data om dig samles sammen og sælges til andre annoncører. Du læser nyhederne gratis (nogle gange) og nogen bliver betalt for at skrive det, og sjove kattebilleder får deres serveromkostninger dækket.

Men sporingsværktøjerne bruges også til at bygge kundeprofiler, som kunderne ikke har nogen kontrol.

"Adskillige træk ved nettet ... bruges eller misbruges, afhængigt af hvordan man ser på det, af disse sporingsfirmaer og forskellige andre enheder i annonceteknologiernes økosystem" siger studiets medforfatter Arvind Narayana, lektor i computervidenskab ved Princeton. "De bruges på smarte måder til at spore, hvor brugerne bevæger sig på nettet."

Princeton forskerne undersøgte nettets topsider og fandt tegn på aggressiv sporing. To af topsiderne havde hver over 81000 sporingsværktøjer. Det meste af sporingen var imidlertid samlet blandt nogle få giganter, Google, Facebook og Twitter var de eneste tredjeparts sporingsværktøjer, der var tilsted på mere end 10% af siderne.


While consolidation in the ad market is understandable, security professionals were alarmed by the more "esoteric" methods of tracking they uncovered.

These new techniques form a kind of "browser fingerprinting." Even if you're doing your best to clear your cookies and always fill out online forms using the name "Sir Fluffius Hottentot," sites can still identify you using these more discrete markers.

"It doesn't involve putting a cookie on the computer. It doesn't go away when you clear your cookies," said Narayanan. "Any time the company encounters you online they're going to know it's one particular device because your device behaves the same way."

The exact list of fonts you've installed can be a data point. How exactly your browser processes audio data can be another. Always resize your browser window to a certain point? That's another tell. Even your battery status level.

That last one could be used to unmask users who think they've taken steps to hide their web history.

"If your browsing one website and browsing another anonymously and the same tracker is embedded on both of those, the tracker can read your battery level and discharge rate and see both changing at the same rate," said Narayanan.

Princeton chart
© Princeton
The researchers found instances of a kind of graphics function tracking called "Canvas Fingerprinting" on 14,371 sites, font list fingerprinting on 3,250 sites, audio fingerprinting trackers on 579 sites, and battery level tracking in two different tracking scripts.

"A combination of your browser version, OS version, Flash version, amount of RAM, etc. is a surprisingly accurate way of tracking users on the web," said Chester Wisniewski, principal research scientist at security firm Sophos. However, he cautions that it's unlikely these methods will be widely used online.

"The advertising industry must be careful to not take steps that may draw attention from privacy regulators. We have seen limited use of these techniques to date, but the legitimate industry hasn't seemed to embrace the use of these details on most surfing," said Wisniewski.

The Princeton researchers say though is all it takes is one major third-party group to start using a method for it be found on thousands of sites. Narayanan cited an example where a previously little-used technique went to 5 percent adoption on the web after a single third-party developer deployed it. "That number can change in the blink of an eye," he said.

But what may be more alarming is that most consumers have no idea they're being tracked in these new ways. "There's a total lack of transparency. We want to shine a light on the dark corners of the internet," said Narayanan.

He recommends users concerned about their privacy use programs like Ghostery, Disconnect and ad blockers to cut down on the tracking.

Reached for comment, Laura Goldberg, a spokeswoman for the Internet Advertising Bureau, an industry trade group, said the organization, "has a strong, long-held commitment to consumer privacy," a self-regulatory advertising standards program, and "regularly evaluates new tracking mechanisms."