Company tracking
It’s not just the secret third-parties that
watch what we do, sometimes it’s the sites we trust. In late 2011 blogger Nik
Cubrilovic showed how Facebook was using persistent cookies that could track
web use even after a user had logged out from the social network.
The news that the social media giant might
be quietly watching exterior online behaviour quickly spread across the
internet and brought angry responses on blog posts and forums (which, to be
fair, is not an unusual location for those sort of reactions).
Facebook immediately addressed the issue
and went to great lengths to reassure people that it hadn’t gathered
information; rather, the cookies were used as a form of security against
spammers and unauthorized log-ins, or worked with the ‘Like’ functions found on
various sites around the web. Within two days of the news breaking, Facebook
fixed the apparent bugs.
But that wasn’t the end of the matter;
shortly afterwards, Cubrilovic was contacted by a friend on Twitter who had
found a third-party site on which Facebook had set one of the previously
offending ‘date’ cookies, only now it was capable of returning information to
Facebook without the user having logged in.
The cookie worked behind the ‘Like’
function on the page and was able to identify the user even if they didn’t
interact with the widget. Cubrilovic investigated further and found several
other sites now ran these cookies.
Facebook was again quick to respond. It
said it wasn’t a re-enabling of the cookies, but rather a bug that affected
certain sites that called the API in a non-standard way. It fixed the issue and
assured users that it didn’t build profiles using this kind of data.
Although it’s reasonable to accept what
Facebook says – after all, it did move quickly to plug Facebook was again quick
to respond. It said it wasn’t a re-enabling of the cookies, but rather a bug
that affected certain sites that called the API in a non-standard way. It fixed
the issue and assured users that it didn’t build profiles using this kind of
data.
Although it’s reasonable to accept what
Facebook says – after all, it dis move quickly to plug the gaps and was open
about its reason for using cookies – this isn’t the only occasion on which its
attitude to user privacy has been brought into question.
Several times in the past few years
Facebook has introduced new functions and automatically opted-in user, often
making data that was previously private suddenly public at least until users
sent around instructions of how to reserve the problem.
There
are more than 800 million Internet users on Facebook.
The latest instance was in June, when
Facebook replaced each user’s email address with an @faacebook.com alternative,
without asking their permission or letting them know it had happened. A story
also emerged in July that revealed the existence of a Facebook ‘Data Science
department’, which analyses information on its users to search for patterns
that may be of later use.
In an article by Tom Simonite, which
appeared on MIT’s Technology Review site (tinyurl.com/cjdc3e5), it was reported
that one of the team’s data scientists, Etyan Bakshy, had already conducted an
experiment. According to Simonite, Bakshy “messed with how Facebook operated
for a quarter of a billion users”.
Over a seven week period, the 76 million
links shared by Facebook’s users were logged. Then, on 219 million randomly
chosen occasions, Facebook prevented someone from seeing a link shared by a
friend.
Hiding links this way created a control
group, so that Bakshy could assess how often people promote the same links as
their friends because they have similar information sources and interests.
The theory might be interesting, and the
results potentially useful, but the methods of obtaining the information are
questionable.
Of course, it’s not only Mark Zuckerberg
and his social scientists that are watching our clicks with interest. Twitter
recently hit the headlines when it was revealed that the micro blogging company
had sold two years’ worth of archived Tweets to data research company DataSift.
Social-media app Path was found to be
uploading contact data from iPhones without the consent of their owners.
Android phones (mainly in the US) were being sold preinstalled with Carrier IQ
software that some analysts believed was capable of tracking keystrokes and
text messages.
Android
phones (mainly in the US) were being sold preinstalled with Carrier IQ software
that some analysts believed was capable of tracking keystrokes and text
messages.
And last February, The Wall Street
Journal reported that Google had been tracking users of Apple’s mobile
Safari browser through cookies that acted as if the user had granted permission
for ads to be displayed, despite the ‘do not track’ setting being enabled.
During the investigation, it was discovered that a few other large advertising
companies were also using similar coding to capitalize on the loophole in
Safari.
Google responded that the newspaper
mischaracterized what happened and said in a statement that it “used known
Safari functionality to provide features that signed-in Google users had
enabled. It’s important to stress that these advertising cookies do not collect
personal information.”
Google promptly disabled the code and Apple
set about closing the loophole in its browser. Google didn’t have to admit to
any wrongdoing, but the US Federal Trade Commission fined it $33.9m for
misrepresenting what it was doing. The fine is the single biggest penalty it
has enforced.
The search giant also drew criticism from
privacy groups after it announced the unification of its privacy policy.
Previously, each of its service had individual polices, all of which were
specifically tailored to the nature of the application. When it decided to
bring together more than 60 of them under one banner, it also meant the
services themselves would be able to share information to build up a better
picture of a user and their practices.
Google wasn’t collecting more information,
simply organizing it better. Due to the composite nature of the different sets
of data, the information would be more valuable to advertisers.
Recently, the company also revealed a new
feature for its Android mobile operating system: Google Now. It acts as a
personal assistant, similar to Apple’s Siri, but the aim of Now is for it to
learn about your behaviour where you live, how you travel, foods you like to
eat, places you like to shop… It will then combine this with location data to
provide you with information relevant to your interests. It’s hugely ambitious,
possibly brilliant, but your privacy is once again being brought into a
questionable area where a device is tracking how you live.
