Google Linking Anonymous Browser Tracking with Identifiable Tracking

Google's new ways to violate your privacy and -- more importantly -- how to opt out.

Posted on November 3, 2016 at 1:00 PM • 27 Comments

Comments

SlinkyNovember 3, 2016 2:13 PM

You "opt out" of Google's tracking by not signing up for their services in the first place, not by unchecking some checkbox.

BirdNovember 3, 2016 2:49 PM

I knew Facebook could track people clicking on "Like" buttons, but I had no idea they could still track people even if the "Like" button isn't clicked on.

I suppose they track people visiting 3rd party websites using session cookies that are transmitted to Facebook when a 3rd party website fetches the "Like" button from Facebook's servers.

What angers me is Gmail scanning my emails. I think most people consider their email conversations private (just ask John Podesta). I don't care if it's machine learning algorithms doing the searching/scanning with no human intervention or not. It's disturbing to know my emails are being rummaged through without a search warrant, period.

It all goes back to the old saying. "If You're Not Paying for It; You're the Product not the Customer."

Opting out of every product and service connected to the internet is virtually impossible and would take massive amounts of time to figure out how to do it on each and every service. Services frequently changing end-user agreements that automatically opt-in everyone to tracking 'features' is equally time consuming to stay on top of due to new changes being buried in the fine print on page 30.

Personally, I've given up opting-out for the most part. I take the easiest approach and simply refuse to sign-in to services when I use them. Not signing in to Google Search and Maps is a good idea. Clearing all browser session cookies frequently is also a good idea if the thought of corporations stalking you around the internet and building dossiers about your life, troubles you.

snooperNovember 3, 2016 3:41 PM

@Bird

I think you just hit the nail on the head if your not paying for the product then you are the product but in googles case even if you pay your still be squeezed for that extra cent.

I would recommend ditching email altogether it is inherently public the whole architecture is public Protonmail is a breath of fresh air in this regard and is definitely how all email should be transported i.e. encrypted with only the end users having the keys.

As regards to clearing cache on your browser it's pretty hard to get round these tracking companies, just "duck duck go" canvas tracking and browser fingerprinting.

https://panopticlick.eff.org/

To prevent fingerprinting you can use noscript or Tor.

NopeNovember 3, 2016 3:44 PM

Youtube gave me "Reactions to youngest mothers" as a recommendation.

That's when I figured google knows too much about me. Waaaay too much...

Jasper MaskelyneNovember 3, 2016 4:59 PM

Dear Customer,

By using this website, not using this website, or merely thinking about the domain name of this website, you agree to let us enter your home at any time during the night and sodomize your children and pets.

But, because we are a responsible company, we've graciously allowed you the optional option of opting out. All you have to do is follow the "OPT OUT" links across 43 separate pages to actually get to the "OPT OUT" form. Be sure to include your full name, jockstrap/girdle size, porn genre preference, and your home router's wifi password, or your option to opt out is no longer an option.

Sincerely,

Trustfundbaby McFratboy, CEO
Motte-Bailey Corporation
A Division of Race-to-the-Ethical-Bottom, Inc.

MarkNovember 3, 2016 5:13 PM

Similar to WhatsApp going back on its promise not to share data with Facebook.

We cannot trust these companies -- especially the American tech companies. They have no respect for our privacy. In fact, they're laughing at us for so willingly sharing every inane aspect of our lives.

otherwiseNovember 3, 2016 5:22 PM

@Jasper Maskelyne

Disgusting but true.

People surfing porn are disgusting.

People "surveilling" other people surfing porn usually twice as disgusting, and moreover likely to be tempted into identity theft, stalking, and sexual crimes against those under their surveillance.

Think about what happened to the personnel of the "Stasi" of East Germany. A "lustration" or purge was held, and former Stasi personnel were considered almost like sex offenders in Britain or the U.S. today --- under various legal restrictions, not allowed to work with children etc., etc.

GMSNovember 3, 2016 6:07 PM

German journalists also found out that the companies like the ones that produce "Web of Trust" and "Ghostery" also sell your data, in such amounts that people are identifiable. If you are interested I can put the German article here, but I should make its way to the English world in a few days.
One solution for the email would be to use a service like Posteo: https://posteo.de/en inexpensive, fairly secure and subject to German laws.

rNovember 3, 2016 6:12 PM

@GMS,

I'm likely not the only one interested to see information from any side of the pond in whatever languages available.

If you've got 'em, probably the best thing you could do is translate the title and post it to the squid.

NellyNovember 3, 2016 6:39 PM

@Bird

They will scan and not much you can do with it. But you can make their data collection useless. Subscribe to many, many, many mailing lists and import several thousand people in your address book. Now create a folder for only the mail and people you care about and use that folder as your inbox.

otherwiseNovember 3, 2016 6:48 PM

@GMS

The word "are" in my post above somehow ended up being replaced by "usually."

One solution for the email would be to use a service like Posteo: https://posto.de/en inexpensive, fairly secure and subject to German laws.

German laws don't help. They don't have jurisdiction here, and anyways I am mostly concerned about the universal local police surveillance of meatspace, and "evil maid" installation of spyware on any PC, phone, or device one might use, and local SSL interception by any of the "lawfully" compromised cert authorities. Local cops aren't any better than the NSA at keeping classified or private information classified or private, so their surveillance which I have witnessed (I suspect via COTS surveillance software) of my devices inevitably leaks out to local drug dealers.

[Technique: say or do something (even slightly out of the ordinary) in what you have every reason to believe is "private" space, then talk to police (or other busybodies) about a related subject, and observe their total lack of surprise or even outright admission that they know what you said or did there, which they have no legitimate business knowing.]

Along with the total surveillance we have a total lack of effort to enforce actual laws against drug dealing, prostitution, and other serious organized crimes, whenever they do rise to the necessary standard of probable cause to obtain a warrant.

The trouble is that in the U.S. criminal justice machine today, the gangsters and organized criminals can easily fight probable cause in court -- a "hint" to the judge is all it takes -- whereas Joe-who-is-being-framed has to make do with a public defender who literally has no choice but to waive the probable cause hearing and plead his client guilty if he wants to live to "represent" the next client.

TedNovember 3, 2016 7:04 PM

FTC to host second PrivacyCon on January 12, 2017.

The event is free and open to the public. It will also be accessible via a live webcast.
https://www.ftc.gov/news-events/events-calendar/2017/01/privacycon

The FTC is also seeking research presentations on consumer privacy and security issues.
https://www.ftc.gov/privacycon-call-for-presentations

Link to National Privacy Research Strategy (NPRS):
https://www.whitehouse.gov/blog/2016/07/01/priorities-national-privacy-research-strategy

gordoNovember 3, 2016 7:14 PM

The price of connection: ‘surveillance capitalism’
Shifts in our communication infrastructures have reshaped the very possibilities of social order driven by markets and commercial exploitation.
The Conversation | September 22, 2016 | Nick Couldry, London School of Economics and Political Science

The answer is that surveillance capitalism threatens an aspect of our freedom so basic that we are not used to defending it. Curiously, it is the German philosopher Hegel who can help us to identify where the problem might lie.


Like Kant, Hegel believed that the greatest good was free will, but he went further in clarifying what freedom might involve. For Hegel, freedom is impossible without the self having some space of autonomy where it can be in a reflective relation with itself. As he put it:

freedom is this: to be with oneself in the other.

Here the self is not isolated, but endlessly being mediated through the world: the world of other things and people, and of its past self and actions. But it can be free if it comes to grasp such processes as its own – related to its goals and not those of others. It is just this that becomes harder to sustain under surveillance capitalism.

In a world where our moment-to-moment existence is already being tracked and (according to some) better understood by external data-processing systems, the very idea of an independent space of subjectivity from which one can have “freedom” collapses.

https://theconversation.com/the-price-of-connection-surveillance-capitalism-64124

The above piece includes the following videos:

Bruce Schneier: "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World" [42:22]

Knowledge@Wharton Interview - Big Brother is Watching Your Browsing | Joseph Turow: "The Daily You: How the Advertising Industry is Defining Your Identity and Your Worth" [23.33]

CONNECTED - short film with Pamela Anderson, Dree Hemingway & Jane Fonda
from Luke Gilfor [10:03]

jtgdNovember 3, 2016 9:38 PM

I always assumed Facebook and the others track me (customer or not) by tracking my IP address when my browser loads any page which then loads the Facebook icon (from Facebook). If I'm a customer then it gets the cookies too.

keinerNovember 4, 2016 3:03 AM

How naive does one have to be to think that ticking a box on a Google page and "deleting" (what ever that is) a browsing history online helps not to be tracked.

It's like putting a "Please don't break into my house" sign on the front door...

Mary scullionNovember 4, 2016 3:40 AM

Hi iv been the focus of professional hackers for years...i divorced from a major irish illuminati family in 2006...life has been hell...it would have been kinder if they just killed me quickly instead of this slow strangulation...I dont believe there is any way for the ordinary person to remain under the radar of a monied psychopath.

Rofl ReubenNovember 4, 2016 6:47 AM

@Bird

What most people consider is of no consequence since it's based on false assumptions and expectations. In gmail case even more so -- they told they would be scanning since day 1 back in 2004.

One could be angry, I guess. When one doesn't use gmail but has to mail people who use gmail. Still goes the same 'rationalise it as though it was your choice to mail these people', to a lesser extent.

That old saying you mention is of no consequence either, except as a sales pitch for all those who wish to try and compete with 'free' services. These days you may pay a fiver or a tenner or even a hundred... and still be a product. Think cellular companies or any of the two largest vendors of end-user proprietary operating systems. Cars too, maybe; although I haven't driven for a long time to know how bad it is with cars nowadays.

@Mark

Haha. I got a lot of flack and a sobstory about WhatsApp CEO's days in some 'totalitarian' USSR backwater when I suggested that WA might start sharing that tasty data. Now lookee here. What a plot twist. I almost feel bad for all those folks.

otherwiseNovember 4, 2016 8:10 AM

@Mary scullion, others ...

Be of good courage. The Scripture asks us, "For if the trumpet give an uncertain sound, who shall prepare himself to the battle?" but the answer is already there: "The noise of a multitude in the mountains, like as of a great people; a tumultuous noise of the kingdoms of nations gathered together: the LORD of hosts mustereth the host of the battle."

David LeppikNovember 4, 2016 11:58 AM

@Brent Longborough

I've done this for years. On Macs and PCs, it's easy, if you know where the file is. But on mobile devices (which are where I do a lot of my browsing) this won't work.

What's more, for years Google has been able to identify me on my iPhone without me logging in. When I launch a new Google app, it offers to let me log in without a password. I'm not sure how it's doing this; my wife usually has an identical iPhone on the same network, and it's never asked her. It's probably using device-specific data it attaches to my calendar or email requests. (Apple does randomly change MAC addresses and the like, but clearly that's insufficient.)

For those who don't know, to block Google's DoubleClick on Mac/Linux, add these lines to the file named /etc/hosts:

127.0.0.1       googleads.g.doubleclick.net
127.0.0.1       ads.doubleclick.net
127.0.0.1       ad.doubleclick.net
127.0.0.1       doubleclick.net
127.0.0.1       stats.g.doubleclick.net

comsecfailNovember 4, 2016 12:43 PM

@David

Apple do randomise the MAC address but only when scanning for networks. Once you are connected to one, your real address goes out.

GrauhutNovember 4, 2016 2:24 PM

@keiner: "It's like putting a "Please don't break into my house" sign on the front door..."

Thats it! Senseless ritualistic bs to keep that sheep brains calm. :)

If you want to consume web pages and have privacy you need knowledge and tools.

Imho a good start is to learn what happens with a plugin like uMatrix and then learn to block it with a tool like a pi-hole for all your devices.

UBlock Origin - My Permenent Rules ListNovember 5, 2016 6:34 PM

I seldom see ads with UBlock Origin, Secret Agent user Agent spoofer add-on to PaleMoon browser 26.5.
I just flashed my router moden to DD-WRT and set-up a VPN client with PIA, so govt agent ISP AT&T is clueless. Further unsecure wireless tablets are isolated from each other and my wired network.
Written on Ubuntu 16.10 (bye-bye Windows)

My Ublock list developed over a few years:
no-remote-fonts: * true
* abmr.net * block
* adobe.com * block
* adsrvr.org * block
* adtechus.com * block
* advertnetworks.com * block
* adziff.com * block
* ajax.googleapis.com * block
* amazon-adsystem.com * block
* assets.adobedtm.com * block
* bing.net * block
* condenastdigital.com * block
* cpx.to * block
* crowdtwist.com * block
* doubleclick.net * block
* doublepimp.com * block
* facebook.com * block
* facebook.net * block
* fonts.googleapis.com * block
* genericlink.com * block
* gigya.com * block
* google-analytics.com * block
* google.com * block
* googleadservices.com * block
* googlecommerce.com * block
* googlesyndication.com * block
* googletagmanager.com * block
* googletagservices.com * block
* gravatar.com * block
* gstatic.com * block
* heapanalytics.com * block
* imasdk.googleapis.com * block
* imrworldwide.com * block
* indexww.com * block
* install.wtf * block
* intermarkets.net * block
* linkedin.com * block
* ooyala.com * block
* optimizely.com * block
* pinterest.com * block
* quantserve.com * block
* rfihub.com * block
* sail-horizon.com * block
* scorecardresearch.com * block
* tiqcdn.com * block
* trackedweb.net * block
* twimg.com * block
* typography.com * block
* undertone.com * block
* vindicosuite.com * block
* yimg.com * block

VinnyGNovember 6, 2016 6:10 AM

@UBlock Origin re "rules":

About the time that Adblock Plus under Firefox began allowing commercial ads from their contributors (largely but not entirely coincidental timing) I switched to Pale Moon using the closest equivalent privacy extensions to what I had used under FF:
-Adblock Latitude
-Click&Clean
-Encrypted Web
-Noscript
-RequestPolicy

I did and do delete all of the "allowed" default sites in those products. I never saw a web page ad using FF, and I have yet to see one using Pale Moon (about 4 months now.) Can you be a little more specific about the privacy advantages (if any) of the extensions that you employ over my mix? Thanks.

VinnyG

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.