Enemy of the state

Will Smith plays Daniel Zavitz who unwittingly witnesses a political murder and reports it to a journalist. The call is monitored and the NSA then get involved. The film is a conspiracy-thriller and shows in detail how the government is able to build up a profile of Smith from his habits and past – then track his every move via CCTV, cell phones and satellites in an effort to capture him and cover up the killing

The film is a great example of how hard it is when not only is big brother watching you but is able to anticipate your next move. We can run an analogy to the user profiling which is prolific when browsing the internet today. Do you have an equivalent big brother watching you and every move you make as you surf.

On a recent blog post I showed how going to a single website involved data being downloaded to my machine from a multitude of other sites. None of this data was essential to browsing the website that I was on, but purely for the purpose of third parties.

HOW DOES THIS HAPPEN?

There are a variety of methods – the simplest being a link or picture within the page that is taken from another website. Others are a little more inconspicuous. People who send our marketing mailshots are able to track when users read the email – how many times etc. This is usually done by placing a pixel transparent image into the email – websites do exactly the same thing. Lots of embedded links which are invisible to the user

So what’s the problem? – if I go to Amazon and search a product I see it as an advert on another webpage is it a big deal?

Well the first obvious question is how does the second website know that it is you to show you the advert. Most companies who create the tracking technologies will tell you that they do not collect your name. But that is not to say that they do not collect your email address, your physical address etc. This is also tied into the physical world. How many times you have made a store purchase only to be asked your email address – all this information is collated together to get a profile of you.

Most of this information is then sold onto companies so that they can target you with relevant adverts. On a recent talk with a local council they told us there was a project underway to add wireless points to all lampposts in the town centre. Not so you can remain connected with wi-fi but so as you walk around town targeted adverts and money off offers can be sent down to your mobile phone for shops just ahead.

All in all this is big business. According to the Interactive Advertising Bureau digital revenue from advertising in the US alone hit $19.6 billion dollars for the first quarter of 2017, a 23% rise on the same period the previous year.

The man point of this is not to say a targeted advert is a bad thing – the problem is that way that your data is being harvested and then sold on. Data can include your race, household income, religious preferences, who you bank with, and pretty much everything else that you can think of. Just by looking at the browsing history of a person you can learn a lot about them, especially over a prolonged period of time. On a recent customer engagement we looked at the history of a user and could clearly see the url, username, and password used to access their main web based financial system. Although not visible to the user this was stored on the machine in clear text.

Do not think that a tracking cookie is only active while you are browsing that particular site – most of them gather data constantly. And don’t be too sure that deleting your browsing history is going to help. When in Internet Explorer you delete your history, it disappears from the default day view. However, go to the search path and start typing a url in and watch the history appear.

This is a problem which needs to be addressed. The selling of information is a lucrative business and available to anyone who wants to bid on it, with very few checks on how it is being sold or to who and for what purpose. It would be extremely naive to believe that none of this information has never been used for malicious purposes. Given that over 90% (https://w3techs.com/technologies/details/ce-cookies/all/all) of these cookies are talking to non-secure websites then there is also the threat of capturing the data whilst in transit.

The General Data Protection Regulation (GDPR) is trying to address this issue amongst others but it is difficult to see how the world can change in such a way so as to match the requirements in the timeframe set out, and it seems that as with all regulation things are open to interpretation. But that’s a much larger topic of conversation that we may go into at a later date.

Francesco Giarletta (Avanite CEO)