In Tuesday’s column about Google’s foray into alt-cookies, we touched on the idea that a seemingly simple goal—to prohibit any tech or advertising company from tracking your activities across websites that they don’t own—is incredibly difficult to achieve. Below I’ll lay out a few simple ways to ameliorate, though probably not prevent, the wide-scale tracking of our Internet activity by corporations. We’d call it cyberstalking if it were a human being doing it.
Much of this tracking is for adverting purposes: to collect data on you to show you more relevant ads. Sometimes it’s used for other publicity purposes, as with Facebook collecting data on your Web activity in order to suggest relevant interests. Since many companies have no policies restricting their use of the data they collect, it could be deployed for all sorts of other purposes too, or of course, handed over to the National Security Agency.
You may think, “It doesn’t matter, because the data is anonymous.” It’s true that your name is generally not associated with such advertising profiles, but just because your name isn’t on the data doesn’t mean it’s anonymous. Given enough consumer data—even completely noninvasive data about your interests and purchases—it is quite easy to de-anonymize you. In a 2008 study, two University of Texas–Austin researchers identified a significant number of people from their Netflix queues alone, using a dataset Netflix had made public as part of a campaign to improve its movie recommendation system. According to law professor Paul Ohm, the law is far behind on regulating this sort of mass corporate cyberstalking. Maybe your cyberstalker just wants to show you ads. That doesn’t change the fact that he’s stalking you! And this cyberstalker never gives up.
At any rate, people should be making an informed, affirmative choice about how much tracking they will consent to. To control the amount of access that Internet companies have to your activity, you need enough knowledge to follow a few fairly simple steps.
Step 1: Block third-party cookies
If you are using Chrome, Firefox, Internet Explorer, or most other browsers to read this piece—anything but Apple’s Safari, more or less—third-party cookies are most likely on by default. (Internet Explorer sends a supplicating “Do Not Track” header, but it’s akin to a Dickens orphan asking for seconds. For the most part, the industry ignores it.) Advertising companies like DoubleClick and AppNexus use them to track individual consumers across sites where they serve ads. When Firefox threatened to turn them off by default, trade lobbying group and astroturf merchant Interactive Advertising Bureau called it a “nuclear first strike, ” and Firefox has so far relented.
How can you resist throwing a dirty bomb at those bullies? Here’s how to turn off third-party cookies on Chrome, Firefox, and Internet Explorer. The Google Chrome browser on Android doesn’t allow you to turn off third-party cookies only, so if you’re using Chrome, you’ll just have to disable all cookies.
In general, mobile devices are substantively less private and anonymous than PCs. Every smartphone is tied to one specific account that does have your name on it. Especially on mobile, switching to a more flexible third-party browser—such as Mozilla’s Firefox—is well-advised.
Step 2: Opt out
The consumer benefit to switching from cookies to a company-controlled identifier—Apple’s at the moment, and potentially Google’s in the future—is that it centralizes privacy controls, giving the company some incentive to police grotesque privacy violations by their corporate clients. The downside is that Apple or Google may limit just how much users can opt out, since they will effectively have a monopoly on tracking identifiers. They don’t want to kill the goose that lays the golden eggs; they just want to own the roost.
Google and Apple both offer reasonable opt-out choices such as Google ad preferences, DoubleClick opt-out, and iOS’s limit ad tracking. It’s unclear exactly to what extent they prevent data collection, rather than just limiting advertising. But having your name on a company’s list of people who don’t want to be tracked can’t hurt.