Know Privacy Report: Google Web Bugs on 88% of Websites

I'm very proud of the Know Privacy team, a group of three students who performed a broad analysis of online privacy issues for their master's project at UC Berkeley's School of Information. The study is featured today on the New York Times Bits blog. Several findings are notable:

They found: "From our analysis, it is apparent that Google is the dominant player in the tracking market. Among the top 100 websites this project focused on, Google Analytics appeared on 81 of them. When combined with the other trackers it operates, such as DoubleClick, Google can track 92 of the top 100 websites. Furthermore, a Google-operated tracker appeared on 348,059 of 393,829 distinct domains tracked by Ghostery in March 2009 (over 88%)."

Also, under the Bush administration, the Federal Trade Commission has framed privacy as one of "consumer harms." That is, they claimed (without any evidence), that consumers really cared about privacy issues that caused harm. However, in an analysis of the FTC's own consumer complaint data, the group found that American consumers were most frequently complaining about a lack of control over personal information.

The team investigated web site affiliate sharing too. The public policy debate around information sale generally is limited to third parties. There is a growing consensus, driven by international privacy rules, that companies should not sell personal information to third parties without affirmative consent from consumers. However, affiliate networks are very large, and US privacy law generally does not allow consumers to restrict the flow of personal information among affiliated companies. In looking at the top websites, the average had almost 300 affiliates. Newscorp, the company that owns myspace, has 1,500 affiliates. Identifying affiliates was very difficult: "We sent each company a request via email or an online web form for a list of each affiliate they may share data with. We received 14 replies, but none included the lists we asked for."

Finally, it's worth checking out the team's findings on third party tracking: "...36 of the [top 50] websites affirmatively acknowledged the presence of third-party tracking. However, each of these policies also stated that the data collection practices of these third parties were outside the coverage of the privacy policy. This appears to be a critical loophole in privacy protection on the Internet." Regulators should rethink this practice. Websites claim that they do not sell personal information to third parties, but then they allow third parties to follow you on their site. This seems to me to be outside consumers' expectations.

Tags

More like this

In his non-book-review of Garret Keizer's new book, Privacy, "Reason" Magazine correspondent includes this ill-informed quip on privacy: With regard to modern commerce, Mr. Keizer grumps: "We would do well to ask if the capitalist economy and its obsessions with smart marketing and technological…
Imagine a newspaper oped with half a dozen fallacies. Such a thing could appear in any newspaper in the US. But now imagine that the author is a Rhodes Scholar and you’re left with the Wall Street Journal’s L. Gordon Crovitz. For years I’ve followed the bizarre arguments of L. Gordon Crovitz, who…
The Ponemon Institute and TRUSTe have just released their annual Most Trusted Companies for Privacy report. As part of this report, the groups asked consumers about the factors--positive and negative--that shaped their perceptions of companies' privacy practices. (Full disclosure: I am a fellow…
In this series of three guest posts, lawyers Daniel Vorhaus and Lawrence Moore of the excellent Genomics Law Report provide insight into the intriguing question of what happens to customers' genetic data in the event that a personal genomics company goes out of business. Part II and III of this…

And this blog has both Google Analytics and Double-Click tracking it.

Now the real question: Does blocking these tracking sites with the NoScript add on to Firefox really keep them from tracking you?

Live HTTP Headers plugin for Firefox should show whether the Googlebugs are communicating with the mother site(s).

By Matthew Platte (not verified) on 02 Jun 2009 #permalink

I block googlebugs. Not because of privacy concerns - just because I operate a policy of blocking anything that isn't really needed. Combined with agressive cacheing. A response to my tendency to saturate my connection for hours at a time transfering large files.

@Chezjake, I'm going to be looking at that question this summer.

@Matthew, thanks for that pointer; I hadn't heard of that plugin!

@Suricou, how do you block them? Do you use a proxy like Privoxy or some plugin?

I do use privoxy, yes. But that's only one layer. The google ad blocker is handled by Squid - I have it configured with a regex blacklist I can use to add custom exclusions.

I also have iptables rules set to block some particually troublesome hosts and suspicious packets. My router is not exactly standard consumer gear.

Science today has changed, I hope you used the right way, because there are medications such as vicodin, oxycodone, Lortab, etc, are anxiolytic and although much help to soothe the pain, can be double-edged weapon to control pain, so indicate in findrxonline to be confident that this discovery is beneficial to all.

Suricou Raven sounds like me.

I doubt there's much tracking of my web habits going on.

Aggressive caching is a godsend when popular sites tend to run slowly at night.

are most of these "tracking bugs" just single pixel jpeg files on sites?

By genewitch (not verified) on 05 Jun 2009 #permalink

How ironic that this site (according to the Ghostery Firefox extension) has eight web bugs on it; Google Analytics, Quantcast, SiteMeter, Amazon Associates, Doubleclick, ShareThis, ChartBeat, and Technorati Widget.

Now, what would be useful would be some information on how to block these insidious spyware bugs. Some of us value our privacy.

By brolin1911a1 (not verified) on 11 Jun 2009 #permalink