Who collects data about me while I am surfing?

An interesting plug-in for Firefox can be a real eye opener: Lightbeam (former Collusion) shows who shares with whom and who connects to which third party sites. While activated, Lightbeam collects detailed data about all sites the browser connects to during the session and can display them in multiple views. For a quick overview the graphical view is the most impressive:

Yes, I visited only 3 well known sites during that session and those sited connected to 48(!) third-party sites  (I disabled all content blocking before). Some of those sites are easily capable to correlate the information from multiple sites, thus building up full cross site surfing profiles.

While I can understand that some of the sites have to earn their money with advertisements, this is a bit much for my taste. There are different ways to deliver advertisements without the need to sell off every user of the page to one or more of the big data collectorsβ€”sadly almost nobody uses them …

PS: I wonder if it is possible to write a similar extension for chromium based browsers …

20 comments Write a comment

  1. Does the extension also show to what sites it itself connects to? πŸ˜€

    Btw, I am having real difficulties blogging here. Is there a way to enter text the way you enter text in the forums, i.e. plain text paragraphed by simple returns, marks some as code (pre) and hit publish? The wysiwyg htmliser mangles everything beyond repair.

    And how do you subscribe to blogs here? Blogs, not blog entries? My Opera was vastly superior. Really sad to see it go…

  2. Of course not πŸ˜€

    But I looked it up (my router is capable to do a very detailed logging) and it does not connect to any site it doesn’t need for working – and it doesn’t need to connect as long as you don’t share or you don’t want to look up the meta data like location etc. of an entry.

    In the end: Unzip it and look for yourself what it does, connection building is easy to recognize in the code πŸ˜‰

    About blogging:
    Don’t ask me, I use the source editor πŸ˜€

    About subscribing:
    I did not try it yet. doesn’t the “Subscribe to blog” button at the top work?

  3. Right, I didn’t notice the subscribe to blog button in the midst of subscribe to entry buttons everywhere.

    And blogging, looks like I have to do like you, write full HTML locally and publish that. Slower rate of publishing this way. I guess I must install some authoring tools again now after a decade…

  4. I’m different; naive perhaps but defiantly different. I honestly don’t care about being “followed” on the internet. I don’t care about tracking cookies nor do I care that Google, Microsoft, Apple, Amazon and a host of others are trying to sell things to me. Fact is, I’ve made some great deals online because I was informed of them in a timely manner. I bought two Lenovo Thinkpads Carbon X1 Touch laptops for my wife and me on Black Friday as a result of being tracked and being informed of the sale. In all I saved close to $800 and now own two beautiful (well… my wife has one! LOL) laptops or ultrabooks if you will.

    Business is business. There are no free rides and I understand and appreciate this. Everyone seems to be looking for free but never wants to ask the real question: why is it free? why are people giving this to me for nothing? In general, they’re not. There’s an expectation or something hidden in the EULA that indicates that what you think is free has strings attached. That’s fine with me. I don’t mind ads as long as they’re not intrusive. I’m not going to shut off all ads with an extension just because I want to be free of them. If it helps the site owners when I click on ads on his page, then by all means… I’ll make a few clicks to make it worthwhile for him/her.

    So there you have it. Naive? Uninformed? A sucker? Maybe… but I can live with labels (and I can also live with great deals… besides, I like to shop and so does my dear wife[oh my… does she EVER like to shop]). πŸ™‚

  5. [quote]There are no free rides and I understand and appreciate this. Everyone seems to be looking for free but never wants to ask the real question: why is it free? why are people giving this to me for nothing? In general, they’re not.[/quote]I am not very particular about prices, but I am quite particular about honesty. If the zero price comes with strings attached, it actually comes with a price, and this must be clearly stated up front. People get justifiably angry at sneaky business methods.

  6. I entirely agree. Dishonesty is something I will not tolerate and once that is discovered, I become their worst enemy. Now with regards to buying and selling (and I know that this blog entry was more inclusive than simply business-related issues), I understand that some “free” software come with strings such as convenience/inconvenience (i.e. ads that constantly appear when the software is used such as Avast and AVG trying to upgrade you to the paid-for product). So you have to come to a decision whether that inconvenience of seeing the ad is worth the $30 savings or not and in general for me it’s not worth it. I don’t want to be bothered by free software trying to upsell me so if I like the software, I’ll buy it. Being served up ads based upon my searches, on the other hand, is fine with me. Like I said before, I’ve actually found great deals and saved hundreds of dollars in the process from computers to travel packages. Google reads my mail? Big deal. Bing reads my mail. Don’t care. I know they’re scanning for key words to serve up ads. Fine with me. Now… when and if the tracking cookies start slowing down my computer… then that impinges upon my enjoyment of the internet and that’s an entirely different story. Then the tracking cookies must go so I’ll flush them temporarily. And so the cycle continues… I guess.

  7. … but sorry, do you really think the average page owner – even with a news portal + forum that attracts about 1.5 Million unique visitors per month (like the one that one of my friends owns) gets paid from [b]all[/b] of those 19 tracking things he has to put on the page?

    A server that can stem that load does not come for free and he has to live from that too, so he needs the ads to pay for it, but the sad fact is:

    Only 3 pay a reasonable amount.

    So, in the end he offers the platform with valuable content that attracts users for them, which is a s**tload of work, they put their code in and don’t pay decently?
    But he can’t throw the others out because if he throws out one of them the side contracts of the others will be canceled too etc.
    Tricky situation.

    The only ones who really earn with that are the advertising companies like Google et al.

    That irks me.

  8. It doesn’t irk me. You see… I honestly don’t care. As I said, I’m perfectly content with Google tracking me along with Amazon etc. I don’t have a security issue over this nor do I see anything nefarious. It’s business, pure and simple and I use it to my own advantage. I don’t visit many sites anyway so it’s relatively easy to set my preferences for cookies on these sites. And as far as ads are concerned, I generally allow them on sites I use regularly UNLESS they’re intrusive.

  9. And as for the small web owners trying to determine what to block and what to allow based upon contracts etc… that’s not my problem. I guess my attitude would be: if it’s too hot in the kitchen, get out of the kitchen. You might say that in a way I look at this in a somewhat selfish manner. What benefits me? As well… I try to accept some responsibility by allowing ads and helping to pay for my surfing the supposed “free” web.

  10. [quote]I guess my attitude would be: if it’s too hot in the kitchen, get out of the kitchen. (…) in a way I look at this in a somewhat selfish manner. What benefits me?[/quote]

    If the first is about the website owners who don’t benefit and the second about you:
    Isn’t that a contradiction?

  11. Very possible contradiction (seems my life is built upon quite a few of them). I want to be honest about this. First and foremost I try and look after myself. Geeze, if I don’t who will? In general I pay my way and don’t always expect a free ride. Now granted, if free is offered without strings and it’s desirable, I’d be a fool to turn it down. As an example: I use Windows 8.1 and find that Windows Defender along with Windows firewall and Smart Screen filter all built into the OS is adequate for my needs AND it’s offered free of charge (well… I suppose one could argue that it’s built into the price of the OS but that’s quibbling). I’m not about to search for a “free” alternative (i.e. Avast, AVG) for two reasons: I don’t believe I need the perceived better protection and I don’t want the aggravation of being constantly badgered to upgrade. If Windows did NOT offer Windows Defender and Smart Screen Filter and a firewall, I would undoubtedly “buy” a paid-for suite (i.e. Norton, Bitdefender) and not go with a so-called “free” alternative. Okay… so what I’m saying is: I look after my needs first but in a responsible way.

    Secondly, I try to take some responsibility online and that means allowing ads from places that I frequent. If others are getting in on the clicks via cookies, that’s not my concern but rather the owner of that website. He’ll have to lock it down as best he can. I don’t run a website for that reason (as well as others) so my attitude is: it’s his problem and his decision to make. I don’t feel an obligation to him.

    Lastly, I don’t like to go through life looking over my shoulder. My attitude is: take reasonable precautions (what I consider reasonable) and get on with whatever it is. I don’t see a communist plot behind everything. I don’t see the NSA zeroing in on me in particular and caring about my communications. I don’t care about being tracked across the internet. I don’t worry about being hacked at the bank or the online stores I visit. As I said… I take some precautions but I don’t obsess over them. I’m not a measurer: that is, I don’t go over to AV Comparatives and compare numbers to find the so-called best security options. They’re all flawed to some extent anyway and it’s largely a matter of opinion and whose you are going to give credence to in the final analysis. We could argue about that and email clients and browsers etc etc etc and never come to complete consensus. There is no best this or that.

    Sorry for the long ramble but maybe it has cleared up some things about me rather than the actual topic at hand. LOL

  12. [quote] I don’t worry about being hacked at the bank or the online stores I visit.[/quote]
    No need to, they get hacked all by themselves.
    I’ve seen big data breaches with millions of credit card informations stolen every 2 days during the last months, the “Target” store breach with over 70 million stolen card data being only the tip of the iceberg and for that you didn’t even need to buy online, only at their shop. Just some minutes ago I’ve seen a funny news about 4 billion USD tax refunds that were paid to fraudsters who used stolen identities in 2012.
    http://www.cbsnews.com/news/irs-refunded-4-billion-to-identity-thieves-last-year-inspector-generals-report-says/

    … but in the end [i]that[/i] has nothing to do with Lightbeam.

    Surf profiles can lead to different offers for different people and I don’t mean advertisements, but e.g. credit offers. I have seen a case with my own eyes, in which the offer depended on the [i]place[/i] from where the person wanted to pay a good with deferred payment. The added interest varied by a substantial amount when the same person used the same smartphone in another local cell (oh, the wonders of geolocation ;)) – and all because someone or some system made up some statistics and did not get it right. That is not a single issue, it happens every day.

    How about health or life insurance fees depending on which political group some software things you belong to, depending on your postings you made somewhere to prove a point, correlating those that with some obscure data that shows that people belonging to such a group become obese because of eating too fat and drinking too much alcohol and thus are prone to heart attacks?
    … or the same data given to the person who calculates the rates for the payment of the new house a family wants to buy?

    Sounds far fetched?

    May be apart from the political group it is [b]not[/b].
    You can buy such data sets from respectable 1) companies that are specialized in exactly those things and for our country I can even name some of the companies and tell you how much those datasets cost and what they contain. That is no paranoia, that is reality.

    Advetisments are a nuisance but I can live with those (I don’t block them) but I really do not like trackers that analyze every step I take in the net and analyze every word i write to build a fictional profile of me. Just look into the page code and the injected scripts – it is all there. No paranoia and conspiracy theory needed.

    Those private data miners are way to curious for my taste.

    1) at least they are official and pay their taxes but IMHO they are not respectable because they don’t do their job right – but still banks and insurance companies rely on them to “minimize” their risk.

  13. Funny sidenote, not directly related:
    I should have written: “Who sells the my info” in the headline. πŸ˜€

    The US fraud, that gathered about [url=http://www.cbsnews.com/news/irs-refunded-4-billion-to-identity-thieves-last-year-inspector-generals-report-says/]4 billion USD tax refunds last year[/url] simply bought all data – no hacking needed, according to another source:
    “#####.info (annotation: The fraudster page where you could buy those data. URL removed) actually bought its information from a company that was purchased by Experian, one of the three major credit bureaus in the USA”

  14. QuHno, yes it is like the Wild West all over again but much scarier. The day will come when we would much prefer the sight of an outlaw wagging a pistol at us, than the mountain of data “evidence” piled against us, much of it full of errors. There is truth in imagination…only if more people would use it.

  15. I’m seeing your point more clearly now, QuHno. Thanks for the clarification. Perhaps ignorance is bliss, eh? I don’t worry too much about this perhaps because I don’t fully understand the implications. Then again, I have more pressing things that consume me. If you read my latest blog entry you would see that I’m dealing with chronic pain and the possibility of back surgery. Real concerns that cannot be ignored definitely trump theoretical concerns regarding the implications of profiling internet users. I haven’t yet experienced the “bad” side of this profiling but I imagine that will come.

    Tell me… since this “IS” a concern for you, what steps have you taken (or will you be taking) to counteract these negative effects of being tracked? It’s one thing to have your browser inform sites that you do not wish to be tracked but that is dependent upon the sites honoring your request. So… how do you go about protecting yourself?

  16. Facebook.com today:
    “Turning 10, Thanks to You
    Our 10th birthday only happened because of all your friendships, stories and memories along the way. Thank you.”

    Revealing wording.
    This would have been less creepy: All your data, friends, memories, are belong to us!

  17. Oh, I don’t know. I personally don’t find it creepy but I can imagine that some see it that way. I suppose it also depends upon how gullible some people are. I decided when I joined FB that I would lock it down to friends regarding sharing … period. My 23 paltry friends (along with a few family members) is perfect for me. We share a few images… keep in touch… ask for help (i.e. as you can see from my post above… I’ve been in a lot of pain and the encouragement I’ve received from my FB group has been phenomenal). The relatively benign data that I’ve “given over” to FB is fine with me. The truth is, we give away our identity all the time whether to social sites like this one or blogging sites which can be even worse. I know one guy who has given to the public so much of his personal information on his blogs that I blush to think of the ramifications. I guess he just doesn’t care about it.

    I have few issues with moderate sharing, hence I am JamesD as opposed to captainxyz. I include a small image of myself knowing that others exist. I’m not trying to hide my identity but at the same time, I fail to see the point of even joining a community like this if you are afraid to reveal anything of yourself. Even Jon, our fearless leader, goes by his real name.

  18. [quote]Even Jon, our fearless leader, goes by his real name.[/quote]
    Yes, here and in some other places and he seems to know exactly what he is writing, when he uses his real name – but would you notice, if he would post under a different name? πŸ˜‰

    I for myself use several “personalities” depending on where I post and on what I post – in some official cases I even use ma full name and address but that is very rare. Yes, this nickname, which is the first nick I ever used in the web, is “burned” because it is connected with my real name and I use it just [i]because[/i] it is easy to track. My others are deliberately not connected to me, sometimes it would be harmful or even outright dangerous to use anything that is connected to me (I am associated with a CERT and I for sure will not use my real name while hunting down information in the dark places of the web. Some of the people there are literally dangerous for your health if you come too near to them).

    [quote]Tell me… since this “IS” a concern for you, what steps have you taken (or will you be taking) to counteract these negative effects of being tracked?[/quote]
    I have taken different routes, one of the first and simplest things is to stop sending any information that is not necessary to get the content, meaning:

    Blocking active contents as far as possible and regular cleaning of all caches (a 304 server response tells you that the server “knows” too that you have been there before ;)). If it is not possible to block all active contents (especially JS and Flash), I make at least sure that no unnecessary 3rd party content gets loaded. The next thing is to switch my IP and my “exit point” occasionally to break up IP based sniffing. For geolocation sniffing I use my own local geolocation provider that sends different coordinates. For some sites I use several filtering proxies that are distributed over different countries, some of them are not transparent, for harder cases I use TOR or similar measures. The whole bunch of measures is a bit much to describe here, but it is not really necessary for normal use cases.

    Additionally I avoid connecting or combining accounts or being signed in to social sites or sites that are coupled with search engines and for sure I will not log in to a site with e.g. a facebook account to leave a comment or read some content.

    In the end it is really hard to avoid [i]all[/i] tracking and that is where a very important different approach comes in:
    I am politically active to get things changed. I want trackers to be opt in and not opt out or – even worse – not visible for the average user. IMHO it should be the user who decides if giving up his privacy is worth the additional value he gets for it, not any greedy company.

  19. Thanks for the information. You’re far more knowledgeable than I and I can see from your words that privacy is more warranted in your circumstances. I really don’t do that much online, QuHno, other than connect with a few family members which is the most important part of my online activity and then visit a few forums such as this one. It’s good talking with you since I learn new things (and I’m always open to learning new things even though I’m getting older). πŸ™‚

Leave a Reply


Vivaldi