The savvy Web user knows that the Internet isn’t all fun and games. There are plenty of companies out there watching every move a user makes, with an aim to sending their way ads they will click on. But just how many companies are tracking you can be shocking, especially when you don’t know what they know about you, and you have never in your life heard of them before.
On Wednesday Alexis Madrigal of The Atlantic published a piece he had been working on at least since January, when he first tweeted about Collusion, a plug-in built by a Mozilla engineer that keeps a record of all the sites you have been to in a browsing session and all of their ghostly, behind-the-scenes counterparts: the sites that keep track of what you do on each site. I installed Collusion when I saw his tweet, and I immediately saw that visiting a single site could pick me up more than 20 trackers.
But when I read his essay yesterday, the feeling of navel-gazing fascination—Wow! all this time I didn’t know that many people were watching me!—morphed into a pretty deep frustration. Here is an account of what Collusion showed me over the course of a day.
When I checked Collusion on the morning of March 1st after an hour of browsing, I already had a thick web of trackers draped around me. I had visited about 50 sites (in grey), and picked up about 50 verified trackers (in red; the size of a dot indicates the number of connections it has).
There were the usual suspects, appearing in vaguely shady but expected ways. Facebook showed up long before I actually visited Facebook; it noticed me on sites that allow it to watch visitors, in hopes of making it easier for their content to be shared (most media sites, including this site, do this). The tracker DoubleClick.net, which is how Google Display Network ads gets their information, also appeared almost immediately. Makes sense: ads are what makes it possible for the free content of the web to exist, and Google Ads is a hugely popular network. I was glad to see that the staff chatroom we use and a site that apparently tracks its performance weren’t in the thick of the web, though.
An hour later, a strange little cluster, all of verified trackers, showed up in the lower left corner. What the heck was that? I had not actually visited any of the three sites, so it’s still mysterious to me how they found me. But the strangers didn’t stay unconnected long. At 11:41, I looked in to see one of those sites, advertising.com, lazily hooking itself up to Mother Jones. In fact, many media sites tracked me across dozens of other sites, apparently via the trackers they all share.
By noon, the little ivory tower of the chatroom had gotten sucked in. It turned out that the company that monitors the software’s functionality is itself monitored by several trackers, and by the end of the day Collusion reported that at least five other sites were monitoring something—Collusion can’t tell you what—about my behavior in the chatroom. Most of those sites I had never heard of before today.
As the afternoon wore on, it was just a matter of accretion.
5:30 pm, at slightly larger scale, to make the connections clearer.
I consider myself fairly well acquainted with the economic realities of the Internet. However, the amount of shared information between trackers, as well as the sheer number of them, was unsettling, and as I considered the huge rats’ nest that I probably share with a good many other web users, I got a little bit angry. Though you might think that if you put in the time and do the homework you could opt out of everything, every little cookie dropped on you, it turns out you can’t, at least not without resorting to a third-party app to help you. One of the most chilling parts of Alexis’s piece explained what happened when he tried to opt out:
After opting out, I went back to Collusion to see if companies were still tracking me. I found that many, many companies appeared to be logging data for me. According to Mozilla, the current version of Collusion does not allow me to see precisely what companies are still tracking, but Stanford researchers using Collusion found that at least some companies continue to collect data. All that I had “opted out” of was receiving targeted ads, not data collection. There is no way, through the companies’ own self-regulatory apparatus, to stop being tracked online. None.
You can still use cookie-blocking plug-ins and such to shake your trackers, to be sure. But a lot of people don’t know how to do that, or don’t realize the extent to which they are being tracked. And—here’s the most disturbing part—with all the information these trackers have, it would not be hard for an interested party to connect the dots and break the barrier between someone’s “anonymous” Internet existence and their real-life existence. This is exactly what happened in 2006 when twenty million AOL searches linked to specific users were leaked. The New York Times, using just the search records and readily available public information, like the phone, demonstrated that they could identify the users in real life. One of the great benefits of the Internet, for many people, has been its promise of anonymity. To keep everything free, though, users are, whether they realize it or not, may have to give that up.
To me, that’s depressing. I would rather pay a bit for a reasonable expectation of privacy.