The people want to overthrow the ad tracker

Date posted: May 31, 2011

You have every reason to be paranoid about your privacy in a digital world, says Dominic White, a security consultant at SensePost and self-proclaimed ‘argumentative Catholic hacker geek’, known under the pseudonym ‘Singe‘ online. White was a speaker at ITWeb’s Security Summit recently held in Sandton, where he discussed the politics and technology around online privacy.

The consequences of data-tracking online, by governments, media owners, advertisers and social media services, are greater than many trackers would allow, White told me in a phone interview, in that you never know what kind of picture trackers are building off your browsing habits or where and to whom they will be selling that data.

That picture they built can land you in a ton of trouble, especially as reams and reams of new legislation get passed in what results, according to White, in the overcriminalisation of the economic and personal lives of citizens. In short, if you tweak Big Brother’s interest, you are bound to get nailed for something somewhere.

In addition, data tracking can result in organisations such as life or health insurers buying up behavioural data and, next time you request an online quote, it might well result in an increased premium or other penalising features being quoted back at you.

White asks what access employees have to all the data being gathered by ad trackers, and points out that even the best online security gets hacked, as banks and other financial inductions have discovered to their cost.

In short, data-based profiles have consequences for real life, while we have neither access nor control on and over the profiles third parties are building on us. We cannot modify them, set the record straight nor delete these profiles.

There are three classes of thought in trying to find a solution to the question of online privacy, says White. First, there is a legislative effort to shape what data can be gathered and how it can be used. In the US, so-called ‘Do Not Track’ legislation is being considered, aimed at protecting consumer information from being used without consent.

Then there is the John-McCain- and John- Kerry-backed Commercial Privacy Bill of Rights Act, which aims to lay down “down fair information practices”, as well as acknowledge the right of individuals, to control how information on them is collected, used, stored or transferred. Enforcement and jurisdiction remain a concern.

Then you have actual enforcement through available technology such as Adblock Plus and GoogleSharing – both Firefox add-ons that counter trackers. GoogleSharing mixes the requests of many different users together so that Google is not capable of telling what requests are coming from whom. Adblock Plus removes online advertising from websites you visit and blocks known malware domains.

A third way, and one which White favours, is active subversion, where consumers find ways both of blocking data tracking and of increasing the cost of data tracking (GoogleSharing is one example of achieving both counts). White became interested in digital security during his school years and became part of the local hacking community. At Rhodes University, he belonged to a group of hackers who targeted one another with each other’s permission and later he created a tool stripping out Google’s ability to track link clickthroughs from search engine results. White sees his interest in privacy as a natural by-product of his interest in security.

Many South Africans still need to wake up to the fact that international firms are building profiles of them and these have a transactional value, says White – SA companies are increasingly willing and able to purchase these profiles from international suppliers to supplement their own data.

Something many of us have been hearing a lot about is how public the lives of modern teens have become and how this generation is comfortable with sharing their digital data. The next generation of consumers are OK with ad tracking, we are told, at the same time as being made to feel old and odd for having privacy concerns.

White argues that while teens certainly post more content – especially on social networks – they closely control who gets to see what. For example, many a teen have frantically untagged themselves where they feature in photo galleries of friends at parties they should not have been. They effectively use tools such as friend groups on Facebook to specify who has access to what personal data. More information does not equate to living your life in public, as White points out.

A number of security and privacy scares, such as the recent PlayStation Network breach and revelations that the iPhone stores unsecured location for up to one year, has given online privacy advocates a boost. Rebellion in the Middle East and North Africa and the government security sweeps that followed have reminded people that autocrats like micro-managing their subjects and have themselves the ability to sniff out online dissidents offline.

White firmly believes that, ultimately, users should have control of the data gathered on them. They should be able to remove that which they don’t want known and be empowered to decide how the data gathered on them can be used.

Read the full story on BizCommunity