Online Tracking

Web Bugs | WSJ’s What They Know | Persistent Tracking | Congressional Testimony

KnowPrivacy: Web Bugs
knowprivacy.googleprofile In June 2009, I published a landmark paper with two colleagues at the UC Berkeley School of Information examining the common practices among website operators of collecting, sharing and analyzing users’ data. We compared industry practices with users’ expectations of privacy, identified points of divergence, and made recommendations for changes in industry practice and government regulation. We also built a website that illustrated the prevalence of web tracking software among the most visited websites. Read more

The Wall Street Journal’s What They Know Series

The age of computing has created a new economy, in which data on people’s habits, activities and interests is collected, sold and traded, often without their knowledge. In July 2010, The Wall Street Journal launched the What They Know series to document new, cutting edge uses of tracking technology and what the rise of ubiquitous surveillance means for consumers and society. I served as the technology consultant for the series. The reporting team was a finalist for a Pulitzer Prize in Explanatory Reporting in 2012. Read more

Some examples from the series:

circle The web’s new goldmine: your secrets: The Wall Street Journal‘s What They Know series began in July 2010 with this article, which outlined the broad array of cookies and other surveillance technology that companies are deploying on internet users. It revealed that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by all but a handful of people in the vanguard of the industry. Read more (behind paywall) or view interactive graphic

Tracking children online: In 2010, the Wall Street Journal team examined 50 sites popular with U.S. teens and children to see what tracking tools they installed on a test computer. As a group, the sites placed 4,123 “cookies,” “beacons” and other pieces of tracking technology. We found that marketers are spying more on young Internet users than on their parents, building detailed profiles of their activities and interests. Read more or view interactive graphic.
tracking safari How Google tracked Safari users: In 2012, I found that Google and other advertising companies had been following iPhone and Apple users as they browse the Web, even though Apple’s Safari Web browser is set to block such tracking by default. Google was using cookies to trick the Safari web browser into letting them monitor many users.  Read more or view interactive graphic.
staples Websites Vary Prices, Deals Based on Users’ Information: In December 2012, the Journal identified several companies that were consistently adjusting prices and displaying different product offers based on a range of characteristics that could be discovered about the user. Read more or view interactive graphic.
they know what you're shopping for They Know What You’re Shopping For: Companies are increasingly tying people’s real-life identities to their online browsing habits.  For this Journal story, I found that Dataium was collecting the email addresses of individuals browsing auto websites and using that to profile people when they walked into dealerships to shop for a car. Read more about the technical details or view interactive graphic.

Persistent Tracking

I have done significant technical research and writing regarding the privacy problems in the use of cookies, which advertisers commonly use to track a user’s behavior on the internet.

flashcookies1.fig3 Flash Cookies and Privacy: In 2009, I published a paper with two colleagues at the UC Berkeley School of Information called Flash Cookies and Privacy.  The paper examined of the use of ‘Flash cookies’ by popular websites. Read more
Kissmetricspersistenttracking Flash Cookies and Privacy II: In July 2011, we published a follow up study called Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning that reassessed the flash cookies landscape and examined a new tracking vector, HTML5 local storage and cache cookies via eTags to enable persistent tracking. Read more
Kissmetricsprivacypolicy Respawn Redux: In August 2011, I also published a technical paper – Respawn Redux – detailing the mechanisms behind Hulu/KISSmetrics’ respawning practice detailed in Flash Cookies and Privacy II. Read more
gingerbread_man Cookies from Nowhere: In February 2012, I published a technical writeup that described Google’s ability to track Safari users everywhere there is a +1 button on the web, even when users have 3rd party cookies blocked. Read more
you websites trackers watchers Behavioral Advertising: The Offer You Cannot Refuse: I worked with other researchers to investigate changes in online tracking tools from 2009 to 2011. Our work demonstrates that advertisers use new, relatively unknown technologies to track people, specifically because consumers have not heard of these techniques. Furthermore, these technologies obviate choice mechanisms that consumers exercise. This paper won the Computers, Privacy & Data Protection 2014 Multidisciplinary Privacy Research Award, which is given to the paper that best “describes new ideas in privacy and data protection in a multidisciplinary setting.” Read more

Testimony on State of Consumer Privacy

I regularly appear as an expert witness on policy matters related to consumer privacy. #testimony


On March 16, 2011, I testified at the Senate Commerce Committee’s hearing on consumer privacy. Other hearing witnesses included representatives from the Federal Trade Commission, the US Department of Commerce, Microsoft, Intuit, Group M Interaction, and the ACLU. Read more
Other Projects

Installation art projects can help consumers visualize how their data stream is connected to their physical person.

digital_shadow In 2008, I collaborated on a project called Digital Shadow, which created an interface to help users explore the record of our online actions and identities by extending the metaphor of the digital shadow into the physical world.  We created an interactive floor projection to display a “shadow” of personal information around users in the interaction space.  Read more