Data Privacy and Tracking

Personal privacy on the Web involves the right to concealment regarding online storage, reuse of material, distribution to other parties, and public displaying of information pertaining to the content an individual puts on the Internet. .  Concerns relating to online privacy have arisen since the beginning of computer sharing. The number of trackers collecting information on user’s activities online has been steadily increasing. Data brokers are companies that gather publicly available information about a user and sell it to third parties that may find it useful. These companies analyze a plethora of data, including information such as zip code, income, ethnicity, search history, to name a few examples ( http://finance.yahoo.com/news/keep-data-brokers-from-tracking-you-online-anonymously-202256230.html). Some of this information is sold to marketers, employers, and government agencies. What this information is used for depends on the context. Some is used to screen potential employees, background checks, and personalize online advertisements. This has raised some unease regarding security and personal privacy.

Data Leakage
The level of online privacy is decreasing as their is a growing disconnect between increased leakage to, and by, aggregators with methods for protection. “Leakage” is defined by Krishnamurthy, Naryshkin & Wills as any distribution of a user’s private data to a third party site. First party sites distribute information to third parties to obtain analytics catered to the user’s interests. Krishnamurthy, Naryshkin & Wills (2011) used Alexa.com to draft a list of websites that provided users the ability for registration and signed up for accounts. They identified the ten most popular websites out of seventeen categories. Social networks based on the web was a special category because they contain sensitive information. Leakage was observed when upon confirmation of an account. When logging in and navigating through the website, private information was given to an unidentified third party server. It appeared as though it was a first party domain, but was actually a third party address. The results depicted that 56% of the sampled websites directly leaked private information to at least one third party domain. Additionally, 48% of the websites leaked a user ID to third-parties. This occurred mostly through social networks. Combined, 75% of the websites directly leaked the user ID or private information to at least one third party.

Instances of Data Leakage
The Wall Street Journal was found to be passing user’s names and emails to third parties. In response, they claimed that it was done in error and they are working to correct the situation. The Wall Street Journal has a data protection policy which forbids sharing or selling personal information. The children’s site, ClubPeguin.com, tested positive for providing usernames to twelve separate companies. Disney stated that these third parties are not allowed to use the information for anything besides specified purposes, such as ad serving and traffic reporting. The receivers of this data claim they do not keep the usernames. Pandora admits to using the first half of a user’s e-mail address to track ad traffic. They use gender, age, and zip code information to provide the user with relevant advertising. This is an occurrence that exists on most websites that allow for user registration.

Methods for Maintaining Individual Privacy
If a user is looking for privacy from third parties, they may simply delete their cookies, or use two different machines to visit the same website. However, if an aggregator develops a globally unique identifier (GUID) for a user, than the aggregator is able to create linkages that relate to the user’s records regardless. This is especially possible if the user is a frequent visitor of a website and the website consistently leaks information to third parties. An example of a GUID would be using the same email address for registration across multiple sites. Moreover, there are also instances where one site leaks the GUID of a user on a different site. For example, if a user were to visit two different News sites and share a story on their Facebook, that user’s Facebook user ID is stored in the first party’s cookies and leaked from these respective sites to hidden third parties. IP addresses may also be used to create linkages without using cookies. Along with disabling cookies within the browser settings, there are many other methods that can be used to prevent leakage. There is software that can be used to filter out domain names, such as Adblock Plus. Users may also disable scripts, such as Javascript, however this may cause some issues when visiting certain websites that require its use. Filtering protocol headers can be done through extensions or at an intermediary. Some browsers can use this to modify or remove the referer header in an HTTP request. Anonymizing yourself by using proxies, VPNs, or a Tor browser will hide your IP address. Users are also able to opt out of tracking by using some extensions or programs to decline the use of cookies.

Federal Trade Commission (FTC)
The Federal Trade Commission (FTC) is a branch of the United States government that is intended to protect the country’s consumers. The FTC is working towards enforcing Privacy by Design, an initiative that would provide privacy settings within websites and software by default. However, they have not addressed a number of privacy issues. Their official website outlines that online privacy and security is each individual user’s legal responsibility. The FTC has not assessed whether or not there are successful safeguards regarding linkage of data when economic acquisitions of aggregators occur, which is a frequent circumstance. Also, they have not looked into if aggregators in agreements with first-party sites are enforcing their policies or the terms outlined in said agreement regarding data leakage. It has not been verified whether users have the right to erase their personal data stored by the aggregators or hidden third party tracking methods.