[linux-elitists] Browser fingerprinting
ruben at mrbrklyn.com
Mon Oct 7 16:18:56 PDT 2013
>> Who's got a browser that comes up reasonably generic
>> on Panopticlick, and what did you do?
> I'm thinking that operating a local proxy that screws with the data that
> fingerprinting relies on, and that changes it at semi-random intervals,
> might be a good solution.
> Do not Cc: anyone else on mail sent to this list. The list server is set for maximum one recipient.
> linux-elitists mailing list
> linux-elitists at zgp.org
Or maybe not :)
Sunday - front page of the NY Times:
It has truly reached a point where there awt to bealaw.
Selling Secrets of Phone Users to Advertisers
By CLAIRE CAIN MILLER and SOMINI SENGUPTA
SAN FRANCISCO — Once, only hairdressers and bartenders knew people’s
Now, smartphones know everything — where people go, what they search
for, what they buy, what they do for fun and when they go to bed. That
is why advertisers, and tech companies like Google and Facebook, are
finding new, sophisticated ways to track people on their phones and
reach them with individualized, hypertargeted ads. And they are doing it
without cookies, those tiny bits of code that follow users around the
Privacy advocates fear that consumers do not realize just how much of
their private information is on their phones and how much is made
vulnerable simply by downloading and using apps, searching the mobile
Web or even just going about daily life with a phone in your pocket. And
this new focus on tracking users through their devices and online habits
comes against the backdrop of a spirited public debate on privacy and
On Wednesday, the National Security Agency confirmed it had collected
data from cellphone towers in 2010 and 2011 to locate Americans’
cellphones, though it said it never used the information.
“People don’t understand tracking, whether it’s on the browser or mobile
device, and don’t have any visibility into the practices going on,” said
Jennifer King, who studies privacy at the University of California,
Berkeley and has advised the Federal Trade Commission on mobile
tracking. “Even as a tech professional, it’s often hard to disentangle
Drawbridge is one of several start-ups that have figured out how to
follow people without cookies, and to determine that a cellphone, work
computer, home computer and tablet belong to the same person, even if
the devices are in no way connected. Before, logging onto a new device
presented advertisers with a clean slate.
“We’re observing your behaviors and connecting your profile to mobile
devices,” said Eric Rosenblum, chief operating officer at Drawbridge.
But don’t call it tracking. “Tracking is a dirty word,” he said.
Drawbridge, founded by a former Google data scientist, says it has
matched 1.5 billion devices this way, allowing it to deliver mobile ads
based on Web sites the person has visited on a computer. If you research
a Hawaiian vacation on your work desktop, you could see a Hawaii ad that
night on your personal cellphone.
For advertisers, intimate knowledge of users has long been the promise
of mobile phones. But only now are numerous mobile advertising services
that most people have never heard of — like Drawbridge, Flurry, Velti
and SessionM — exploiting that knowledge, largely based on monitoring
the apps we use and the places we go. This makes it ever harder for
mobile users to escape the gaze of private companies, whether insurance
firms or shoemakers.
Ultimately, the tech giants, whose principal business is selling
advertising, stand to gain. Advertisers using the new mobile tracking
methods include Ford Motor, American Express, Fidelity, Expedia, Quiznos
“In the old days of ad targeting, we give them a list of sites and we’d
say, ‘Women 25 to 45,’ “ said David Katz, the former general manager of
mobile at Groupon and now at Fanatics, the sports merchandise online
retailer. “In the new age, we basically say, ‘Go get us users.’ “
In those old days — just last year — digital advertisers relied mostly
on cookies. But cookies do not attach to apps, which is why they do not
work well on mobile phones and tablets. Cookies generally do work on
mobile browsers, but do not follow people from a phone browser to a
computer browser. The iPhone’s mobile Safari browser blocks third-party
Even on PCs, cookies have lost much of their usefulness to advertisers,
largely because of cookie blockers.
Responding to this problem, the Interactive Advertising Bureau started a
group to explore the future of the cookie and alternatives, calling
current online advertising “a lose-lose-lose situation for advertisers,
consumers, publishers and platforms.” Most recently, Google began
considering creating an anonymous identifier tied to its Chrome browser
that could help target ads based on user Web browsing history.
For many advertisers, cookies are becoming irrelevant anyway because
they want to reach people on their mobile devices.
Yet advertising on phones has its limits.
For example, advertisers have so far had no way to know whether an ad
seen on a phone resulted in a visit to a Web site on a computer. They
also have been unable to connect user profiles across devices or even on
the same device, as users jump from the mobile Web to apps.
Without sophisticated tracking, “running mobile advertising is like
throwing money out the window. It’s worse than buying TV
advertisements,” said Ravi Kamran, founder and chief executive of
Trademob, a mobile app marketing and tracking service.
This is why a service that connects multiple devices with one user is so
compelling to marketers.
Drawbridge, which was founded by Kamakshi Sivaramakrishnan, formerly at
AdMob, the Google mobile ad network, has partnerships with various
online publishers and ad exchanges. These send partners a notification
every time a user visits a Web site or mobile app, which is considered
an opportunity to show an ad. Drawbridge watches the notifications for
behavioral patterns and uses statistical modeling to determine the
probability that several devices have the same owner and to assign that
person an anonymous identifier.
So if someone regularly checks a news app on a phone in bed each
morning, browses the same news site from a laptop in the kitchen, visits
from that laptop at an office an hour later and returns that night on a
tablet in the same home, Drawbridge concludes that those devices belong
to the same person. And if that person shopped for airplane tickets at
work, Drawbridge could show that person an airline ad on the tablet that
Ms. Sivaramakrishnan said its pinpointing was so accurate that it could
show spouses different, personalized ads on a tablet they share. Before,
she said, “ad targeting was about devices, not users, but it’s more
important to understand who the user is.”
Similarly, if you use apps for Google Chrome, Facebook or Amazon on your
cellphone, those companies can track what you search for, buy or post
across your devices when you are logged in.
Other companies, like Flurry, get to know people by the apps they use.
Flurry embeds its software in 350,000 apps on 1.2 billion devices to
help app developers track things like usage. Its tracking software
appears on the phone automatically when people download those apps.
Flurry recently introduced a real-time ad marketplace to send
advertisers an anonymized profile of users the moment they open an app.
Profiles are as detailed as wealthy bookworms who own small businesses
or new mothers who travel for business and like to garden. The company
has even more specific data about users that it does not yet use because
of privacy concerns, said Rahul Bafna, senior director of Flurry.
Wireless carriers know even more about us from our home ZIP codes, like
how much time we spend on mobile apps and which sites we visit on mobile
browsers. Verizon announced in December that its customers could
authorize it to share that information with advertisers in exchange for
coupons. AT&T announced this summer that it would start selling
aggregated customer data to marketers, while offering a way to opt out.
Neither state nor federal law prohibits the collection or sharing of
data by third parties. In California, app developers are required to
they collect and how they share it. Still, that leaves much mystery for
ordinary mobile users.
More information about the linux-elitists